Windows Analysis Report
Microstub.exe

Overview

General Information

Sample name:Microstub.exe
Analysis ID:1408633
MD5:02bd5dd672a21a001e4b82e2a6031d30
SHA1:777476e4e9bab85545e977279572b38d83869261
SHA256:c230c739f9107e8fd871f2158e2299e010679aed34fb419cd8c9acc8cc4a9a24

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:33
Range:0 - 100

Signatures

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to infect the boot sector
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Tries to delay execution (extensive OutputDebugStringW loop)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Microstub.exe (PID: 7716 cmdline: C:\Users\user\Desktop\Microstub.exe MD5: 02BD5DD672A21A001E4B82E2A6031D30)
    • avast_free_antivirus_setup_online_x64.exe (PID: 7852 cmdline: "C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 MD5: 3EE70E7C9C9C36265A818BA9771BBD4C)
      • Instup.exe (PID: 8068 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 MD5: 867935B7C2F24E028AE2F3D87409D273)
        • instup.exe (PID: 432 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 /online_installer MD5: 867935B7C2F24E028AE2F3D87409D273)
          • aswOfferTool.exe (PID: 3032 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 3952 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" /check_secure_browser MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 3552 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChrome -elevated MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 3524 cmdline: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC MD5: 5A74306235AE537F426B84E2DCD48AFA)
            • aswOfferTool.exe (PID: 7988 cmdline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC MD5: 5A74306235AE537F426B84E2DCD48AFA)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton, Data: Command: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine|base64offset|contains: ^r@E+*', Image: C:\Users\Public\Documents\aswOfferTool.exe, NewProcessName: C:\Users\Public\Documents\aswOfferTool.exe, OriginalFileName: C:\Users\Public\Documents\aswOfferTool.exe, ParentCommandLine: "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC, ParentImage: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe, ParentProcessId: 3524, ParentProcessName: aswOfferTool.exe, ProcessCommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, ProcessId: 7988, ProcessName: aswOfferTool.exe
No Snort rule has matched

Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EAB0E0 CryptDestroyHash,CryptDestroyHash,0_2_00EAB0E0
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA82F0 CryptDestroyHash,0_2_00EA82F0
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA9250 CryptGenRandom,GetLastError,__CxxThrowException@8,0_2_00EA9250
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,0_2_00EA9450
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,0_2_00EA8DC0
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00EA9020
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA8260 CryptDestroyHash,0_2_00EA8260
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00EA9340
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA94D0 CryptHashData,GetLastError,__CxxThrowException@8,0_2_00EA94D0
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EA8EF0 CryptReleaseContext,0_2_00EA8EF0
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EC2660 CryptReleaseContext,0_2_00EC2660
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe, Code function: 4_2_00007FF72DB88920 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,4_2_00007FF72DB88920
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe, Code function: 8_2_00007FF6AE758920 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_00007FF6AE758920
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_a29def1f-6
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe, EXE: C:\Users\Public\Documents\aswOfferTool.exe

Compliance

Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe, EXE: C:\Users\Public\Documents\aswOfferTool.exe
Source: Microstub.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Microstub.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.8:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49743 version: TLS 1.2
Source: Microstub.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1429876186.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223770128.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb8 source: Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.1393157725.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000A.00000002.1659114128.0000000000CD9000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.1393157725.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb~ source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1429876186.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223770128.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: Microstub.exe, 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1367227361.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00EBA4B5 FindFirstFileExW,0_2_00EBA4B5

Networking

Source: instup_x64_ais-a31.vpx.4.dr, Static PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: aswf0c2907424a71aac.tmp.4.dr, Static PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: Joe Sandbox View, IP Address: 34.117.223.223
Source: Joe Sandbox View, IP Address: 34.160.176.28
Source: Joe Sandbox View, JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: iavs9x.u.avcdn.net
Source: unknown, HTTP traffic detected:
  POST /cgi-bin/iavsevents.cgi HTTP/1.1
  Connection: Keep-Alive
  Content-Type: iavs4/stats
  Content-MD5: TvsG+/X/F/qm+2eqF4rm1Q==
  User-Agent: Avast SimpleHttp/3.0
  Content-Length: 361
  Host: v7event.stats.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp5
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny1
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tinyZ
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tinyt
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro(
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3220500873.000002D55F128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Microstub.exe, 00000000.00000003.1388390134.0000000000CD3000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388376258.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/3
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/ed
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/n
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.comirsBaseUrlLastReport(
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Microstub.exe, 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1367227361.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5xcgiyTimiz
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xp28=1
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x9tiny1;-9
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tiny
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tinyex=3
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tinym/to
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9x.u.avast.com/ivps9x
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9x.u.avast.com/ivps9xcgie=analyt
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny999
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tinymeOut=17
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitro1
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitroERVAL=33p
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitrotiny.u.avast.com/vpsnitrotinyD
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://keys.backup.norton.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://keys.backup.norton.comLO.3120accountkeysCCT
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs5x.u.avast.com/iavs5xVc
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x-xpmd
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.ivps9x.u.avast.com/ivps9x
Source: instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.ivps9x.u.avast.com/ivps9xjc/
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18.u.avcdn.net/vps180M-_
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18.u.avcdn.net/vps18J
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18.u.avcdn.net/vps18MV2
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vps18tiny.u.avcdn.net/vps18tiny0O
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9x-xp7
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9x-xp8
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9xcgi
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.ivps9tiny.u.avast.com/ivps9tinyE
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.ivps9x.u.avast.com/ivps9x8tinyM
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vps18.u.avcdn.net/vps18avcf
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vps18tiny.u.avcdn.net/vps18tinyw
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vpsnitro.u.avast.com/vpsnitro:
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vpsnitro.u.avast.com/vpsnitroj
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3220500873.000002D55F128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l4691727.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/9x-x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/9x-xpR
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l7814800.iavs9x.u.avast.com/iavs9x-xph
Source: Microstub.exe, 00000000.00000003.1388390134.0000000000CD3000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388376258.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs9x.u.avast.com/iavs9xcgiy3
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.ivps9tiny.u.avast.com/ivps9tiny~K
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601856876.000001DDCD36E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vps18tiny.u.avcdn.net/vps18tinyBJq
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vpsnitrotiny.u.avast.com/vpsnitrotinyP
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.vpsnitrotiny.u.avast.com/vpsnitrotinyl
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.iavs9x.u.avast.com/iavs9x-xpny
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.iavs9x.u.avast.com/iavs9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.ivps9x.u.avast.com/ivps9x
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.ivps9x.u.avast.com/ivps9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotiny$
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.coms
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.comtall
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs5x.u.avast.com/iavs5x8tiny
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs5x.u.avast.com/iavs5xxpeive
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x-xpny
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18.u.avcdn.net/vps18N
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitrotiny.u.avast.com/vpsnitrotinyH
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitrotiny.u.avast.com/vpsnitrotinyx
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5x8tiny
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5xtro
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/X
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/ut
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/w
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi#
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi-
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi4
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi;-10
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi=1
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi=20:
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi?N
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiD
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiGoog
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiIcmp
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiL
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiavcdn.ne
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgib
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgic
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiice_CoolX
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiow_TH
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiparams=0
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiup/a
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgivIE
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiy
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiyerty
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9x.u.avast.com/ivps9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vp
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpj5vbo
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18.u.avcdn.net/vps18UU
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18tiny.u.avcdn.net/vps18tinyk
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/?
Source: Microstub.exe, 00000000.00000002.3217856043.0000000000BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/H
Source: Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: Microstub.exe, 00000000.00000002.3217856043.0000000000BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgie&
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/u
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/~
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs5x.u.avast.com/iavs5x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x-xpnywKF
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x.cgi
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x/servers.def.vpx
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18tiny.u.avcdn.net/vps18tinyEJh
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: Microstub.exe, 00000000.00000003.1388314747.0000000006E61000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388350867.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1573247335.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223405701.000002D560550000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568967008.000002D560551000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com//
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect0
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/intl/%s/toolbar/ie/partnereula.htmlAvBehav_Gtoolbargtoolbar_installgtoolbar_tx
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x-xpRIa
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe)h
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exell
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exeusicxt
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exe6
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D447000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exe
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exe1
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeup.exe)t
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3220797229.000002D55F1AC000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exe
Source: Instup.exe, 00000004.00000002.3222614029.000002D560108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exe0ucF9sZXgi
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exeerformed.
Source: Instup.exe, 00000004.00000002.3222614029.000002D560108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exeoiaXBtLnBf
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D447000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exe
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exe4
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exex
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D447000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exe
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exee
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exee0
Source: Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exengs)
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe(
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exekz
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeK
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exee
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeeTEM32
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeeuu
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exep
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exepll
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exesic0
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exet)
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exexe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exexe6w
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exexehv
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exez
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hsetup/avast-av/rine_setup.ex-s
Source: Microstub.exe, 00000000.00000003.1992999178.0000000000C2D000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218108858.0000000000C2D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/
Source: Microstub.exe, 00000000.00000002.3217856043.0000000000BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.a
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.aeDomain=http
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastiumed
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.comNzMsImN~
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.comZ2UifSwxNF19LH
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.comiff-met
Source: Instup.exe, 00000004.00000002.3219448821.000002D55D475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avas7
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avast.com
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avast.com7WL
Source: Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/$
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/0
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/818
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/N
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/O
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/bledaT
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/ed$
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/parameters:
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/ps18
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/ps18#TX
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/ps18PK-_
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/ps18QS&
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/t
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=136
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=136P
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=136e
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=137
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/ll/s
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/ts=4
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lastpass.com/;https://
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3219448821.000002D55D475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comW3siZ3Jr
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comder
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comdition
Source: Instup.exe, 00000004.00000002.3219448821.000002D55D475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comionDate8
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comrsion=3825
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comte=0
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspection
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspections
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspectionsx?
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspection
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspectionnges
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspectionon
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outsidt.com/v2/ins_SCAN_ESSENTIAL_port
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: instup.exe, 00000008.00000002.3224972009.000001DDCE4C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.comBESiOiJld
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.comP
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.coms-operation
Source: Instup.exe, 00000004.00000002.3223234099.000002D56028A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pamcdn.avast.com/pamcdn/extensions/install/win/extension/index.html?p_pei=%token%&cn=%cn%&cs
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://quickbooksratable.api.intuit.com/;https://s-install.avcdn.net/;https://
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x-WR
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x-xp
Source: instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x-xpIW.
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9xvps18
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avast/1.0.327/updatefile.jsonj5m
Source: Instup.exe, 00000004.00000002.3222614029.000002D560108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avast/1.0.327/updatefile.jsonoutloo
Source: Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avast/1.0.799/updatefile.json
Source: Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avast/1.0.799/updatefile.jsonjp
Source: Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-tools.avcdn.net/tools/chrome/av-chrome-2019.exe.lzma.tmpInstallerOffers.GoogleChrome/r:
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000003.1601944995.000001DDCD35D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-vps18.avcdn.net/vps18
Source: Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-vps18.avcdn.net/vps18BccT
Source: Instup.exe, 00000004.00000003.1502977773.000002D560348000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1555489358.000002D560349000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494673534.000002D560348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-vps18.avcdn.net/vps18elyOnly
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: 8_2_00007FFBAA828AF0 OpenClipboard,GlobalAlloc,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,CloseClipboard,8_2_00007FFBAA828AF0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: 8_2_00007FFBAA828570 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,RegisterClipboardFormatW,SetClipboardData,CloseClipboard,8_2_00007FFBAA828570
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: 8_2_00007FFBAA68EF00 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,8_2_00007FFBAA68EF00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Code function: 4_2_00007FF72DB72980 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,4_2_00007FF72DB72980
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Code function: 4_2_00007FF72DB85D00 RegCloseKey,SetLastError,RegSetValueExW,RegCloseKey,SetLastError,RegQueryMultipleValuesW,RegCloseKey,SetLastError,NtClose,4_2_00007FF72DB85D00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Code function: 4_2_00007FF72DA5F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00007FF72DA5F560
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: 8_2_00007FF6AE62F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,8_2_00007FF6AE62F560
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: 8_2_00007FF6AE755D00 RegCloseKey,SetLastError,RegSetValueExW,RegCloseKey,SetLastError,RegQueryMultipleValuesW,RegCloseKey,SetLastError,NtClose,8_2_00007FF6AE755D00
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_00EAA100: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,0_2_00EAA100
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE62DB908_2_00007FF6AE62DB90
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE5F7B708_2_00007FF6AE5F7B70
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7BDC288_2_00007FF6AE7BDC28
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE5FD3E08_2_00007FF6AE5FD3E0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7BFCDC8_2_00007FF6AE7BFCDC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE75ACE08_2_00007FF6AE75ACE0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7BECF88_2_00007FF6AE7BECF8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE755D008_2_00007FF6AE755D00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7CC4908_2_00007FF6AE7CC490
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE74B1D08_2_00007FF6AE74B1D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE5F59608_2_00007FF6AE5F5960
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE6A09408_2_00007FF6AE6A0940
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE5F51F28_2_00007FF6AE5F51F2
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7D0B208_2_00007FF6AE7D0B20
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE6062508_2_00007FF6AE606250
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE6013308_2_00007FF6AE601330
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE5F23108_2_00007FF6AE5F2310
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7C19208_2_00007FFBAA7C1920
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA686F8C8_2_00007FFBAA686F8C
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7E2CA08_2_00007FFBAA7E2CA0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6934708_2_00007FFBAA693470
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA69AB008_2_00007FFBAA69AB00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA94FB1C8_2_00007FFBAA94FB1C
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6E1AF08_2_00007FFBAA6E1AF0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA932B848_2_00007FFBAA932B84
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8F1B708_2_00007FFBAA8F1B70
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8FCAE08_2_00007FFBAA8FCAE0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA713B008_2_00007FFBAA713B00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA69DC008_2_00007FFBAA69DC00
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA748BC08_2_00007FFBAA748BC0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA930BA48_2_00007FFBAA930BA4
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6CB9108_2_00007FFBAA6CB910
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9319548_2_00007FFBAA931954
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BA9908_2_00007FFBAA6BA990
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA86E8C08_2_00007FFBAA86E8C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6CF9508_2_00007FFBAA6CF950
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6C29D08_2_00007FFBAA6C29D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D5A808_2_00007FFBAA6D5A80
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6B6A708_2_00007FFBAA6B6A70
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA95EF608_2_00007FFBAA95EF60
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA877F7C8_2_00007FFBAA877F7C
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6E4F708_2_00007FFBAA6E4F70
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9030208_2_00007FFBAA903020
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA95A01C8_2_00007FFBAA95A01C
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7C20708_2_00007FFBAA7C2070
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9320708_2_00007FFBAA932070
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BEFA08_2_00007FFBAA6BEFA0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA932FB88_2_00007FFBAA932FB8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6C30508_2_00007FFBAA6C3050
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D70408_2_00007FFBAA6D7040
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA94EFEC8_2_00007FFBAA94EFEC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA715D308_2_00007FFBAA715D30
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA69DCD08_2_00007FFBAA69DCD0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA70AD808_2_00007FFBAA70AD80
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA93BCD08_2_00007FFBAA93BCD0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D6DB08_2_00007FFBAA6D6DB0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BADA08_2_00007FFBAA6BADA0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6E5E808_2_00007FFBAA6E5E80
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6C12E08_2_00007FFBAA6C12E0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D02C08_2_00007FFBAA6D02C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D62C08_2_00007FFBAA6D62C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7492C08_2_00007FFBAA7492C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8F94208_2_00007FFBAA8F9420
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA68B3A08_2_00007FFBAA68B3A0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6CB4908_2_00007FFBAA6CB490
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9303FC8_2_00007FFBAA9303FC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7661608_2_00007FFBAA766160
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D60D08_2_00007FFBAA6D60D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7C71608_2_00007FFBAA7C7160
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6E20A08_2_00007FFBAA6E20A0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6CD0A08_2_00007FFBAA6CD0A0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7E00E08_2_00007FFBAA7E00E0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6C02108_2_00007FFBAA6C0210
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6B62108_2_00007FFBAA6B6210
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D72008_2_00007FFBAA6D7200
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8FA2608_2_00007FFBAA8FA260
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9431F08_2_00007FFBAA9431F0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA79B7308_2_00007FFBAA79B730
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8FA7508_2_00007FFBAA8FA750
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BD7608_2_00007FFBAA6BD760
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8FC6F08_2_00007FFBAA8FC6F0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6C07208_2_00007FFBAA6C0720
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BC8108_2_00007FFBAA6BC810
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA7088308_2_00007FFBAA708830
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA68E8908_2_00007FFBAA68E890
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BF8908_2_00007FFBAA6BF890
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9307D08_2_00007FFBAA9307D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA69D5908_2_00007FFBAA69D590
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA94F49C8_2_00007FFBAA94F49C
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6D55508_2_00007FFBAA6D5550
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9544F08_2_00007FFBAA9544F0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA8286308_2_00007FFBAA828630
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6B55C08_2_00007FFBAA6B55C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA6BE6208_2_00007FFBAA6BE620
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00B730809_2_00B73080
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00E5308014_2_00E53080
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: String function: 00007FFBAA8696BC appears 32 times
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: String function: 00007FFBAA7C6E70 appears 31 times
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: String function: 00007FFBAA8EF6C0 appears 44 times
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: String function: 00007FF6AE5F67A0 appears 113 times
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Code function: String function: 00007FFBAA92E900 appears 47 times
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Code function: String function: 00007FF72DA267A0 appears 113 times
Source: instup_x64_ais-a31.vpx.4.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: instup_x64_ais-a31.vpx.4.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: instup_x64_ais-a31.vpx.4.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: instup_x64_ais-a31.vpx.4.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: instup_x64_ais-a31.vpx.4.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: offertool_x64_ais-a31.vpx.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswf0c2907424a71aac.tmp.4.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: aswf0c2907424a71aac.tmp.4.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: aswf0c2907424a71aac.tmp.4.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: aswf0c2907424a71aac.tmp.4.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: aswf0c2907424a71aac.tmp.4.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: asw88ac55f085125d05.tmp.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswOfferTool.exe.12.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: netprofm.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: npmproxy.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Microstub.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dwmapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dwrite.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: textinputframework.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: version.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: webio.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wininet.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wtsapi32.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: instup.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: powrprof.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: version.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: winmm.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: userenv.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: msimg32.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: oleacc.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: msi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: netapi32.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: secur32.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dwmapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: netutils.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: samcli.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: logoncli.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: umpdc.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dbghelp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dbgcore.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: webio.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: urlmon.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: iertutil.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: srvcli.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: urlmon.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: iertutil.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: srvcli.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: textinputframework.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: napinsp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: pnrpnsp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: wshbth.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: nlaapi.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: winrnr.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Section loaded: wininet.dll, wtsapi32.dll, instup.dll, powrprof.dll, version.dll, fwpuclnt.dll, winmm.dll, userenv.dll, msimg32.dll, uxtheme.dll, oleacc.dll, msi.dll, netapi32.dll, secur32.dll, dnsapi.dll, winhttp.dll, iphlpapi.dll, dwmapi.dll, cryptbase.dll, netutils.dll, samcli.dll, logoncli.dll, sspicli.dll, umpdc.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, dbgcore.dll, cryptsp.dll, rsaenh.dll, kernel.appcore.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, rasadhlp.dll, msasn1.dll, ondemandconnroutehelper.dll, webio.dll, winnsi.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, gpapi.dll, dpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wscapi.dll, netprofm.dll, npmproxy.dll, apphelp.dll, textshaping.dll, explorerframe.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe Section loaded: wtsapi32.dll, userenv.dll, iphlpapi.dll, cryptbase.dll, kernel.appcore.dll, version.dll, winmm.dll, windows.storage.dll, wldp.dll, ntmarta.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: wtsapi32.dll, userenv.dll, iphlpapi.dll, cryptbase.dll, version.dll, winmm.dll, kernel.appcore.dll
Source: Microstub.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal48.troj.evad.winEXE@16/60@84/2
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_00EA52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Code function: 4_2_00007FF72DA5F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_00EA1930 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,CoInitializeEx,CoCreateInstance,GetDC,CreateDIBSection,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_00EA38C0 CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,FindResourceW,LoadResource,wsprintfW,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Microstub.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Asw_304d60b98439f5aff2e9ccd87a1f1edb
Source: C:\Users\user\Desktop\Microstub.exe File created: C:\Windows\Temp\asw.80de90b54f96a0a4
Source: C:\Users\user\Desktop\Microstub.exe Command line argument (0_2_00EA52F0): /silent, /cookie, /ppi_icd, /cust_ini, Enabled, ProxySettings, ProxyType, Port, User, Password, Properties, /smbupd, enable, mirror, count, servers, urlpgm, server0, http://, https://, allow_fallback, installer.exe, {versionSwitch}, stable, %s\%s, X>
Source: Microstub.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File read: C:\Windows\Temp\asw.a9fa3c9ddc728b38\asw2c8b7c837830ec7c.ini
Source: C:\Users\user\Desktop\Microstub.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: instup.exe String found in binary or memory: <!--StartFragment-->
Source: instup.exe String found in binary or memory: animation-start!
Source: unknown Process created: C:\Users\user\Desktop\Microstub.exe C:\Users\user\Desktop\Microstub.exe
Source: C:\Users\user\Desktop\Microstub.exe Process created: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 /online_installer
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" /check_secure_browser
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChrome -elevated
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe Process created: C:\Users\Public\Documents\aswOfferTool.exe "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Source: C:\Users\user\Desktop\Microstub.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File written: C:\Windows\Temp\asw.a9fa3c9ddc728b38\asw2c8b7c837830ec7c.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Microstub.exeStatic PE information: certificate valid
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Microstub.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Microstub.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1429876186.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223770128.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb8 source: Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.1393157725.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000A.00000002.1659114128.0000000000CD9000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.1556164870.000002D560D5D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1584963382.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1421439366.000001D537368000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1586433683.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1568632752.000002D560EC4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.1393157725.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D537003000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1583076698.000002D561C16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1577074654.000002D560D5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.1503703564.000002D560D55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb~ source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1419719060.000001D535D85000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1429876186.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1516353245.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223770128.00007FF72DC62000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.1576115114.000002D560D5A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.1495752822.000002D560D53000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1574393663.000002D560D5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: Microstub.exe, 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1367227361.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.1487171898.000002D5606C6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1570743895.000002D560D5C000.00000004.00000020.00020000.00000000.sdmp
Source: Microstub.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Microstub.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Microstub.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Microstub.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Microstub.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA21B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00EA21B0
Source: Microstub.exeStatic PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.drStatic PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.drStatic PE information: section name: _RDATA
Source: HTMLayout.dll.2.drStatic PE information: section name: _RDATA
Source: Instup.exe.2.drStatic PE information: section name: _RDATA
Source: avbugreport_x64_ais-a31.vpx.4.drStatic PE information: section name: _RDATA
Source: avdump_x64_ais-a31.vpx.4.drStatic PE information: section name: .didat
Source: avdump_x64_ais-a31.vpx.4.drStatic PE information: section name: _RDATA
Source: avdump_x86_ais-a31.vpx.4.drStatic PE information: section name: .didat
Source: instcont_x64_ais-a31.vpx.4.drStatic PE information: section name: _RDATA
Source: instup_x64_ais-a31.vpx.4.drStatic PE information: section name: .didat
Source: instup_x64_ais-a31.vpx.4.drStatic PE information: section name: _RDATA
Source: setgui_x64_ais-a31.vpx.4.drStatic PE information: section name: _RDATA
Source: asw83e6d35a12199365.tmp.4.drStatic PE information: section name: _RDATA
Source: aswea37ae9b954f6703.tmp.4.drStatic PE information: section name: .didat
Source: aswea37ae9b954f6703.tmp.4.drStatic PE information: section name: _RDATA
Source: asw6fb45a5d5e20245a.tmp.4.drStatic PE information: section name: _RDATA
Source: aswf0c2907424a71aac.tmp.4.drStatic PE information: section name: .didat
Source: aswf0c2907424a71aac.tmp.4.drStatic PE information: section name: _RDATA
Source: asw83460009ff51cc24.tmp.4.drStatic PE information: section name: _RDATA
Source: gcapi.dll.11.drStatic PE information: section name: .00cfg
Source: gcapi.dll.11.drStatic PE information: section name: .voltbl
Source: gcapi.dll.11.drStatic PE information: section name: malloc_h
Source: gcapi.dll.14.drStatic PE information: section name: .00cfg
Source: gcapi.dll.14.drStatic PE information: section name: .voltbl
Source: gcapi.dll.14.drStatic PE information: section name: malloc_h
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB1396 push ecx; ret 0_2_00EB13A9
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA48748 push rax; retf 0024h4_2_00007FF72DA48749
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA4873A push rsi; retf 0024h4_2_00007FF72DA4873B
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE618748 push rax; retf 0024h8_2_00007FF6AE618749
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE61873A push rsi; retf 0024h8_2_00007FF6AE61873B
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00C44584 push ecx; ret 9_2_00C44597
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00B7929D push FFFFFFB7h; retf 9_2_00B7929F
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00F24584 push ecx; ret 14_2_00F24597

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Microstub.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u0_2_00EAA100
Source: C:\Users\user\Desktop\Microstub.exe File created: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avbugreport_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83e6d35a12199365.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvDump.exe (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswea37ae9b954f6703.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswf0c2907424a71aac.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\offertool_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw6fb45a5d5e20245a.tmp
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw88ac55f085125d05.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\HTMLayout.dll (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x86_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\uat64.dll
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\setgui_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\gcapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\sbr.exe (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw46db8cdc7beb2192.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.dll (copy)
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\instcont_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83460009ff51cc24.tmp
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\sbr_x64_ais-a31.vpx
Source: C:\Users\Public\Documents\aswOfferTool.exe File created: C:\Users\Public\Documents\gcapi.dll
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\HTMLayout.dll
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,0_2_00EA52F0

Boot Survival

Source: C:\Users\user\Desktop\Microstub.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u0_2_00EAA100
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Microstub.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeSection loaded: OutputDebugStringW count: 121
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeSection loaded: OutputDebugStringW count: 140
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DB8A720 rdtsc 4_2_00007FF72DB8A720
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA5F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00007FF72DA5F560
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83e6d35a12199365.tmpJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avbugreport_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\setgui_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvDump.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswea37ae9b954f6703.tmpJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\sbr.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw46db8cdc7beb2192.tmpJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswf0c2907424a71aac.tmpJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83460009ff51cc24.tmpJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\sbr_x64_ais-a31.vpxJump to dropped file
Source: C:\Users\Public\Documents\aswOfferTool.exeDropped PE file which has not been started: C:\Users\Public\Documents\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\HTMLayout.dllJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x86_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.a9fa3c9ddc728b38\uat64.dllJump to dropped file
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeAPI coverage: 7.9 %
Source: C:\Users\Public\Documents\aswOfferTool.exeAPI coverage: 9.7 %
Source: C:\Users\user\Desktop\Microstub.exe TID: 7804Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe TID: 7968Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe TID: 8112Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe TID: 2944Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EBA4B5 FindFirstFileExW,0_2_00EBA4B5
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA792C VirtualQuery,GetSystemInfo,0_2_00EA792C
Source: Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW:
Source: Instup.exe, 00000004.00000002.3220719229.000002D55F191000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRO
Source: Microstub.exe, 00000000.00000003.1388390134.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWdZ
Source: Microstub.exe, 00000000.00000002.3217856043.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1388390134.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1992766889.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1993666555.0000000000C12000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.3218462285.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1993619483.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1449156451.000001D530D0F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1442787980.000001D530D0F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1448892650.000001D530D0F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1442346601.000001D530D0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA4F480 GetCurrentProcess,CheckRemoteDebuggerPresent,NdrClientCall3,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,4_2_00007FF72DA4F480
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DB8A720 rdtsc 4_2_00007FF72DB8A720
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DB72A90 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LdrUnlockLoaderLock,4_2_00007FF72DB72A90
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EB10FF
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DBDDC30 GetLastError,IsDebuggerPresent,OutputDebugStringW,4_2_00007FF72DBDDC30
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA5F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00007FF72DA5F560
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA21B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00EA21B0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB7C5A mov eax, dword ptr fs:[00000030h]0_2_00EB7C5A
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00C6C3F0 mov eax, dword ptr fs:[00000030h]9_2_00C6C3F0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00C64782 mov ecx, dword ptr fs:[00000030h]9_2_00C64782
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00F4C3F0 mov eax, dword ptr fs:[00000030h]14_2_00F4C3F0
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00F44782 mov ecx, dword ptr fs:[00000030h]14_2_00F44782
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EAF080 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,0_2_00EAF080
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB1292 SetUnhandledExceptionFilter,0_2_00EB1292
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00EB13AB
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EB4476
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF764C195CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF764C195CC
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF764C19100 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF764C19100
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF764C28660 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF764C28660
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA5AA60 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,4_2_00007FF72DA5AA60
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA5A470 GetModuleHandleW,GetProcAddress,GetCurrentThreadId,EnterCriticalSection,GetProcessHeap,HeapFree,LeaveCriticalSection,RtlAddVectoredExceptionHandler,SetErrorMode,VirtualQuery,GetModuleHandleW,GetModuleHandleW,RevertToSelf,4_2_00007FF72DA5A470
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DBF1E34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF72DBF1E34
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DBDD2EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF72DBDD2EC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA5AC50 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,4_2_00007FF72DA5AC50
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE62AA60 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,8_2_00007FF6AE62AA60
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7C1E34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FF6AE7C1E34
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE62AC50 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,8_2_00007FF6AE62AC50
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE7AD2EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FF6AE7AD2EC
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA944B74 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFBAA944B74
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FFBAA9041F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFBAA9041F8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00C4FC60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00C4FC60
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: 9_2_00C4368E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00C4368E
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00F2FC60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00F2FC60
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 14_2_00F2368E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00F2368E
Source: C:\Users\user\Desktop\Microstub.exeProcess created: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4Jump to behavior
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4Jump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe "C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 /online_installerJump to behavior
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe "c:\windows\temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:c:\windows\temp\asw.80de90b54f96a0a4
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe "c:\windows\temp\asw.a9fa3c9ddc728b38\new_180217d8\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:c:\windows\temp\asw.80de90b54f96a0a4 /online_installer
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe "c:\windows\temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:c:\windows\temp\asw.80de90b54f96a0a4Jump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeProcess created: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe "c:\windows\temp\asw.a9fa3c9ddc728b38\new_180217d8\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:c:\windows\temp\asw.80de90b54f96a0a4 /online_installerJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DB720E0 FreeSid,AllocateAndInitializeSid,DuplicateToken,CheckTokenMembership,FindCloseChangeNotification,GetLastError,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,CloseHandle,GetLastError,GetLastError,4_2_00007FF72DB720E0
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1427107882.000001D536B42000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3225237402.00007FFBA99C5000.00000002.00000001.01000000.0000000E.sdmp, Instup.exe, 00000004.00000003.1546439518.000002D561CBB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UGetMonitorInfoWMonitorFromWindowUSER32.DLLWorkerWProgman%s KERNEL32.DLL
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EB153D cpuid 0_2_00EB153D
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: EnumSystemLocalesW,4_2_00007FF72DC09E68
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: EnumSystemLocalesW,4_2_00007FF72DC09D98
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: EnumSystemLocalesW,4_2_00007FF72DC03FF4
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00007FF72DC0A2A8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,4_2_00007FF72DC09A48
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: GetLocaleInfoW,4_2_00007FF72DC044D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF72DC0A484
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: EnumSystemLocalesW,8_2_00007FF6AE7D3FF4
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: EnumSystemLocalesW,8_2_00007FF6AE7D9D98
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: EnumSystemLocalesW,8_2_00007FF6AE7D9E68
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: GetLocaleInfoW,8_2_00007FF6AE7D44D0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_00007FF6AE7DA484
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,8_2_00007FF6AE7D9A48
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_00007FF6AE7DA2A8
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: GetLocaleInfoA,LeaveCriticalSection,8_2_00007FFBAA687E67
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exeCode function: GetLocaleInfoW,9_2_00C6BBEA
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,14_2_00F4BBEA
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeQueries volume information: C:\Windows\Temp\asw.a9fa3c9ddc728b38\servers.def.vpx VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA41B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,0_2_00EA41B0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00EA21B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00EA21B0
Source: C:\Users\user\Desktop\Microstub.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA4C04B __std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,Concurrency::cancel_current_task,4_2_00007FF72DA4C04B
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exeCode function: 4_2_00007FF72DA4D1C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,4_2_00007FF72DA4D1C0
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE61C04B __std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,Concurrency::cancel_current_task,8_2_00007FF6AE61C04B
Source: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exeCode function: 8_2_00007FF6AE61D1C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,8_2_00007FF6AE61D1C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 21 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 Bootkit | 12 Process Injection | 23 Virtualization/Sandbox Evasion | 1 Network Sniffing | 271 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 23 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Bootkit | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Network Sniffing | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Search Order Hijacking | Proc Filesystem | 56 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: Behavior Graph ID: 1408633; Sample: Microstub.exe; Startdate: 13/03/2024; Architecture: WINDOWS; Score: 48]

Source | Detection | Scanner | Label | Link
Microstub.exe | 4% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\Public\Documents\aswOfferTool.exe | 0% | ReversingLabs | |
C:\Users\Public\Documents\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\HTMLayout.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvBugReport.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\AvDump.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\HTMLayout.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw46db8cdc7beb2192.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw6fb45a5d5e20245a.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83460009ff51cc24.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw83e6d35a12199365.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\asw88ac55f085125d05.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswea37ae9b954f6703.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswf0c2907424a71aac.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\sbr.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\avbugreport_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\avdump_x86_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\instcont_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\offertool_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\sbr_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\setgui_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.a9fa3c9ddc728b38\uat64.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://id.avast.comNzMsImN~ | 0% | Avira URL Cloud | safe |
http://keys.backup.norton.comLO.3120accountkeysCCT | 0% | Avira URL Cloud | safe |
https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe | 0% | Avira URL Cloud | safe |
https://stream-production.avcdn.neted | 0% | Avira URL Cloud | safe |
http://https://:allow_fallback/installer.exe | 0% | Avira URL Cloud | safe |
https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exeings)X | 0% | Avira URL Cloud | safe |
https://stream-production.avcdn.netdrn | 0% | Avira URL Cloud | safe |
https://id.avast.comiff-met | 0% | Avira URL Cloud | safe |
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://tc.ida.avast.com/magician/repository/download/WinDev_Projects_SecureLineBuild/.lastSuccessfuinstup.exe, 00000008.00000002.3223699346.000001DDCDD50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://gf.tools.avast.com/tools/gf/hp-TRinstup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgiLInstup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://n2833777.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://r4427608.ivps9tiny.u.avast.com/ivps9tinyttp2aInstup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgiPInstup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://submit5.avast.com/cgi-bin/submit50.cgiyInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://n8283613.vps18.u.avcdn.net/vps18avdeInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exeInstup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://w5805295.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgiXInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://submit5.avast.com/cgi-bin/submit50.cgiIcmpInstup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://d3176133.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1569029397.000002D56038B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560060000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://submit5.avast.com/cgi-bin/submit50.cgi=20:Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://c3978047.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3218244560.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2058104981.000001D530C9E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://s1843811.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://id.avast.comNzMsImN~instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    low
                                                                                                                                                                    http://doubleclick-proxy.ff.avast.com/v1/gclid$FInstup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://pair.ff.avast.comavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://s-nuistatic.avcdn.net/nui/avast/1.0.327/updatefile.jsonoutlooInstup.exe, 00000004.00000002.3222614029.000002D560108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://n8283613.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://n4291289.ivps9x.u.avast.com/ivps9xcgiGInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://r4427608.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe$Instup.exe, 00000004.00000002.3222614029.000002D560088000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://y8002308.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3222614029.000002D5600B9000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://geoip.avast.com/geoip/geoip.phpYUinstup.exe, 00000008.00000002.3224672534.000001DDCE325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://submit5.avast.com/cgi-bin/submit50.cgiLinstup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgipInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3220500873.000002D55F128000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://https://:allow_fallback/installer.exeMicrostub.exe, 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1367227361.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                          low
                                                                                                                                                                                          http://submit.sb.avast.com/V1/PD/Instup.exe, 00000004.00000002.3222895350.000002D560163000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exellInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://n8283613.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1420173209.000001D535CCA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.1409238133.000001D535C30000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1494576370.000002D56037E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgitInstup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://j0294597.iavs9x.u.avast.com/iavs9x9tiny1;-9Instup.exe, 00000004.00000002.3221046422.000002D55F1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://p1043812.vpsnitrotiny.u.avast.com/vpsnitrotinylInstup.exe, 00000004.00000002.3221046422.000002D55F3A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://v7.stats.avast.com/cgi-bin/iavs4stats.cgityInstup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://r3802239.iavs9x.u.avast.com/iavs9x8tinyiInstup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://j0294597.iavs9x.u.avast.com/iavs9xcgiyInstup.exe, 00000004.00000002.3223234099.000002D560301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://submit5.avast.com/cgi-bin/submit50.cgicInstup.exe, 00000004.00000002.3221046422.000002D55F2AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://submit5.avast.com/cgi-bin/submit50.cgiice_CoolXinstup.exe, 00000008.00000002.3224972009.000001DDCE4F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-AS US | false
                                                                                                                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                                                        Analysis ID:1408633
                                                                                                                                                                                                                                        Start date and time:2024-03-13 21:45:25 +01:00
                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                        Overall analysis duration:0h 11m 12s
                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                        Run name:Run with higher sleep bypass
Number of new started processes analysed:18
                                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                        Sample name:Microstub.exe
                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                        Classification:mal48.troj.evad.winEXE@16/60@84/2
                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 142.251.35.174, 23.55.243.199, 23.55.243.200, 23.199.49.64, 23.55.243.208, 23.55.243.212, 142.250.81.232
                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ssl.google-analytics.com, fallbackupdates.avcdn.net.edgekey.net, u4.avcdn.net.edgesuite.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e9229.dscd.akamaiedge.net, a117.dscd.akamai.net, iavs9x4.u.avcdn.net.edgesuite.net, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com, a27.dscd.akamai.net
                                                                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        • VT rate limit hit for: Microstub.exe
                                                                                                                                                                                                                                        No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
34.117.223.223 | ccsetup621.zip | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | MDE_File_Sample_c7da8e8d530606f98d3014dbf9ce345b0d07dd48.zip | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.117.223.223 | fences-1.0.1.0.0-installer_t-TafY1.exe | malicious | CobaltStrike | v7event.stats.avast.com/cgi-bin/iavsevents.cgi
34.160.176.28 | ccsetup621.zip | malicious | Unknown |
34.160.176.28 | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient | malicious | Unknown |
34.160.176.28 | http://www.poweriso-mirror.com/PowerISO8.exe | malicious | Unknown |
34.160.176.28 | _.exe | malicious | Unknown |
34.160.176.28 | _.exe | malicious | Unknown |
34.160.176.28 | jcreator_6i-6JJ1.exe | malicious | Unknown |
34.160.176.28 | jcreator_6i-6JJ1.exe | malicious | Unknown |
34.160.176.28 | SecuriteInfo.com.Trojan.InstallCore.4042.19460.13818.exe | malicious | Unknown |
34.160.176.28 | SecuriteInfo.com.Trojan.InstallCore.4042.19460.13818.exe | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
shepherd-gcp.ff.avast.com | ccsetup621.zip | malicious | Unknown | 34.160.176.28
shepherd-gcp.ff.avast.com | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient | malicious | Unknown | 34.160.176.28
shepherd-gcp.ff.avast.com | http://www.poweriso-mirror.com/PowerISO8.exe | malicious | Unknown | 34.160.176.28
shepherd-gcp.ff.avast.com | _.exe | malicious | Unknown | 34.160.176.28
shepherd-gcp.ff.avast.com | _.exe | malicious | Unknown | 34.160.176.28
shepherd-gcp.ff.avast.com | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities | 34.160.176.28
shepherd-gcp.ff.avast.com | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities | 34.160.176.28
                                                                                                                                                                                                                                                          MDE_File_Sample_c7da8e8d530606f98d3014dbf9ce345b0d07dd48.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclientGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          analytics-prod-gcp.ff.avast.comccsetup621.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclientGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          http://www.poweriso-mirror.com/PowerISO8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          CCleaner.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          CCleaner.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclientGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
Match, Associated Sample Name / URL, Detection, Threat Name
Match: C:\Users\Public\Documents\gcapi.dll
• _.exe, Detection: malicious, Threat Name: Unknown
• _.exe, Detection: malicious, Threat Name: Unknown
• _.exe, Detection: malicious, Threat Name: Unknown
• _.exe, Detection: malicious, Threat Name: Unknown
• ATT00001.htm, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (472), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                    Size (bytes):50106
                                                                                                                                                                                                                                                                    Entropy (8bit):5.2021322502537615
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:768:8vEdxBtewgHP2hBZmX3HUAmPgaUbCedn5a9d/GIltBz7b2IyCE:sE7/iz+Bz7bCCE
                                                                                                                                                                                                                                                                    MD5:5F8F009DB33AB7D91437A293299C6B9B
                                                                                                                                                                                                                                                                    SHA1:CDE6762957A9C4C2CC4CEC11D750C11B81AD318E
                                                                                                                                                                                                                                                                    SHA-256:66BEF1B53B5E82646B93CEBD805DD9070B023EB048039E85A9EEBA6F097BCDE5
                                                                                                                                                                                                                                                                    SHA-512:08EB8DAD08C0CCDB1FC5CCA9CE2EBB6B60CF340B24CBEE2671F0CEF142FA4BE87FDEAAB59EB9E0FEF224AF810A77DA9BBF9C1C7A597561C651F13F3B600EBF7F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:low
Preview:
[2024-03-13 20:46:17.975] [info ] [sfxinst ] [ 7852: 7856] [C092BD: 958] --
[2024-03-13 20:46:17.975] [info ] [sfxinst ] [ 7852: 7856] [C092BD: 959] START: Avast SFX stub executable
[2024-03-13 20:46:17.975] [info ] [sfxinst ] [ 7852: 7856] [C092BD: 256] Entering SFX stub guarded code section.
[2024-03-13 20:46:17.991] [info ] [sfxinst ] [ 7852: 7856] [C092BD: 371] Running SFX 'C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe'
[2024-03-13 20:46:20.272] [notice ] [burger_rep ] [ 7852: 7980] [464414: 66] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70.
[2024-03-13 20:46:21.413] [info ] [sfxinst ] [ 7852: 7856] [C092BD: 882] Starting installer/updater executable 'C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup.exe'
[2024-03-13 20:46:22.051] [info ] [instcont ] [ 8068: 8072] [C1C3EB: 221] --
[2024-03-13 20:46:22.051] [info ] [instcont ] [ 8068: 8072] [C1C3EB: 222] START: A
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):281
                                                                                                                                                                                                                                                                    Entropy (8bit):4.609425125884522
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:syLFL/O2yD8Ng3IKw6B6TjyhlW/OJZCD8Ng3IKw6B6Tjy3:syLp/5Y8e16qh4/Z8e16q3
                                                                                                                                                                                                                                                                    MD5:EEBCF7E87307C10A13C4DE9B78CF0A5F
                                                                                                                                                                                                                                                                    SHA1:234C1F1FFC814758389D7E5045E891FF1A9F360E
                                                                                                                                                                                                                                                                    SHA-256:C7A93C1464341A819D69FD042EDB62DD970B7ADED6F1A1BA9D192CED17C2D40C
                                                                                                                                                                                                                                                                    SHA-512:02865A5A327BFC8F4F603B84BEDD54B25DCFBFADC0A6A55076238CB61BAC636A7112D0549EAD0027A6FB8858531883DD9F5EDB747E52560F6E10D4EF4A11AEC9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:low
Preview:
[2024-03-13 20:46:25.238] [info ] [burger ] [ 8068: 8072] [8742F6: 55] Storage path was not set so neither stored events are read.
[2024-03-13 20:46:42.956] [info ] [burger ] [ 432: 6052] [8742F6: 55] Storage path was not set so neither stored events are read.
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2412488
                                                                                                                                                                                                                                                                    Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                    MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                    SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                    SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):888600
                                                                                                                                                                                                                                                                    Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                    MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                    SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                    SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                    SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Joe Sandbox View:
• Filename: _.exe, Detection: malicious
• Filename: _.exe, Detection: malicious
• Filename: _.exe, Detection: malicious
• Filename: _.exe, Detection: malicious
• Filename: ATT00001.htm, Detection: malicious
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):9894328
                                                                                                                                                                                                                                                                    Entropy (8bit):7.910596699483975
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:196608:wPwGw/vlCneC7X84VJjGBaa4vYYlAeln/O0Q1plDyD7bvgs6gpHjK0H:GwGwl27X8+p2aa4wYlAyObyfDK
                                                                                                                                                                                                                                                                    MD5:3EE70E7C9C9C36265A818BA9771BBD4C
                                                                                                                                                                                                                                                                    SHA1:AB5FFE0FF1A04741E90583B78B99925D5ECBC58D
                                                                                                                                                                                                                                                                    SHA-256:C509A9B3F9DD6E3961FD5FF70CE462E440BF8AD6A8F99D8BE4020A1C4C774364
                                                                                                                                                                                                                                                                    SHA-512:F787800DF1AC5DBAED83D638A63CD3652C59115AEB9912D08FB24C1374D84F20513DB07F02B82762EA5EC8645A15A2236E42DE6F6CEE68345245F99025100260
                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4159384
                                                                                                                                                                                                                                                                    Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                    MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                    SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                    SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                    SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):18940824
                                                                                                                                                                                                                                                                    Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                    MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                    SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                    SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                    SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3902920
                                                                                                                                                                                                                                                                    Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                    MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                    SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                    SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                    SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4995480
                                                                                                                                                                                                                                                                    Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                    MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                    SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                    SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                    SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3553688
                                                                                                                                                                                                                                                                    Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                    MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                    SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                    SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                    SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4159384
                                                                                                                                                                                                                                                                    Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                    MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                    SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                    SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                    SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20376
                                                                                                                                                                                                                                                                    Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                    MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                    SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                    SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                    SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3902920
                                                                                                                                                                                                                                                                    Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                    MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                    SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                    SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                    SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4159384
                                                                                                                                                                                                                                                                    Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                    MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                    SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                    SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                    SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4995480
                                                                                                                                                                                                                                                                    Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                    MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                    SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                    SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                    SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2412488
                                                                                                                                                                                                                                                                    Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                    MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                    SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                    SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2412488
                                                                                                                                                                                                                                                                    Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                    MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                    SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                    SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3553688
                                                                                                                                                                                                                                                                    Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                    MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                    SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                    SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                    SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):18940824
                                                                                                                                                                                                                                                                    Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                    MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                    SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                    SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                    SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):888600
                                                                                                                                                                                                                                                                    Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                    MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                    SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                    SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                    SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):18940824
                                                                                                                                                                                                                                                                    Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                    MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                    SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                    SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                    SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3902920
                                                                                                                                                                                                                                                                    Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                    MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                    SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                    SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                    SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20376
                                                                                                                                                                                                                                                                    Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                    MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                    SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                    SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                    SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2523664094525224
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                                                                                                                                    MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                                                                                                                    SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                                                                                                                    SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                                                                                                                    SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):831
                                                                                                                                                                                                                                                                    Entropy (8bit):5.147102281525264
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24:lcNaG0R/qmPvw5uAT3McqGry/lTKF2szCsO:lyaDHBopry/lTKrzCsO
                                                                                                                                                                                                                                                                    MD5:719795BCC89880C5232A4E6710E8CB52
                                                                                                                                                                                                                                                                    SHA1:48091ABC5C4DCDF5A10D6A06D4D3C19E5CD14B4C
                                                                                                                                                                                                                                                                    SHA-256:4EDF71106D017D9745AC382701CAE75C227D37E90BBBD2BCCE55739368C1A553
                                                                                                                                                                                                                                                                    SHA-512:D47CDC7A766A8AF29873B0D0CBD5572B0EC9A676E3D438BB10477436B424E447F4C86D051818FF6E5FA1378879487A9C07D933C9C06A7FB5B8CCB5A5CDA10EEB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:...[Shepherd]..ABTests=62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-bc63bbfcbda3ef73c9a0ab66059cb5dc04bc838bf26db3920f9cea2c5e4e78ba..ConfigVersion=4916..LastUpdate=1710362785..NextUpdate=1710466555..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):29422
                                                                                                                                                                                                                                                                    Entropy (8bit):5.879202886321556
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:D7rV0hjbpPbNH3V2g0JigYwTTPUxoBDVTrn1OCsXhxvFr7qz9PMpmlfQXDAIvoqA:bVWZbwJiCMx2Tr14xJcBMpyIvosttfI
                                                                                                                                                                                                                                                                    MD5:7E9872A5A33C53E5B282A1805F9D0FFD
                                                                                                                                                                                                                                                                    SHA1:33E4709844651B90448C56581D0E294F98F516D2
                                                                                                                                                                                                                                                                    SHA-256:083262FAC15A780E95561C27422B3D555500568A60312D11915DC42814A55ABE
                                                                                                                                                                                                                                                                    SHA-512:176D575FD332D86989ED67B4EB1611CDB0B03BE737FD6C5EE9B7FE8C6E8A23EA0B30C4C62CF0A751385278A987A4C42442BE45ECA94011986CF38E9501109405
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkipp
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1410), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1722
                                                                                                                                                                                                                                                                    Entropy (8bit):4.998579600742671
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:TXfp3Hbyay6YRCwB8wqwL7w1ZZQwqUTKmXO:rfp3b1vYRTKs7eQ8KmXO
                                                                                                                                                                                                                                                                    MD5:542261131B599B817742E3F58392D8B9
                                                                                                                                                                                                                                                                    SHA1:9093BB720D7C17029DE381A88C196B4FC781626C
                                                                                                                                                                                                                                                                    SHA-256:4587FDFF7F3FB5EF322DA8D82AE40BF86F6E7FAB9C212DE8A59100D28C377800
                                                                                                                                                                                                                                                                    SHA-512:DB6AF8DAC23293D2FD9E00494F38ACD22720EB12B79D40F679FF0C95E63AAE1094967FAF4B17A52802344226DC3D6E2957AB9F643AF6F489B880BF0D968A0FDB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_hide-att-url-params_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorel
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):32860
                                                                                                                                                                                                                                                                    Entropy (8bit):5.865835921693045
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:768:B01bebwJin7ru2DdxY4xJcBMp7IvoQ5vW:q1Sb4yHFR
                                                                                                                                                                                                                                                                    MD5:C782753BFDF4B35F963FC7067A4DD6B0
                                                                                                                                                                                                                                                                    SHA1:1E72D0544848BF72FC7CB2160CB1CDF1E8EC8232
                                                                                                                                                                                                                                                                    SHA-256:C6F58DD62E1C0ADD1D5FBFEC84E4B02C978D9DB23E59E7FE9DB8A4F51E5A44BB
                                                                                                                                                                                                                                                                    SHA-512:3418449FBA90E1DF241224B4489E8ACBBB1E30F784F1A7775E516A3AF42B1049C67B525E81E4D0B3613E9D902AEC51AB82625F05D070B7BB20A034E63B634297
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..Lice
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4995480
                                                                                                                                                                                                                                                                    Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                    MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                    SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                    SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                    SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3553688
                                                                                                                                                                                                                                                                    Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                    MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                    SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                    SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                    SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3300760
                                                                                                                                                                                                                                                                    Entropy (8bit):6.599594150950671
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:7ZeFkAI0+Smz3ZOl6F5KJERCq3fECY/j6EEf2ELKgvgpUFuoI+Vzy1AyfSmYKYoV:tDAI0+S03WpGRT3fECY/j9Vx
                                                                                                                                                                                                                                                                    MD5:19C867597DB18F12A432B18910D0254A
                                                                                                                                                                                                                                                                    SHA1:C46E49567B58BCD6DFF28A74F6C826822BEDA51A
                                                                                                                                                                                                                                                                    SHA-256:6634705902AB86BFC02C28028D9C67648E36F9CB5389DB6F2EAC2690C71F3214
                                                                                                                                                                                                                                                                    SHA-512:258CA738F1DBD076C67C4E155DC0A0B6A45DE700D017F2196D51D1021BA6AC790EC5B4FCE71F881629AE713CB563A1ED27E8463A6F5ECBF83DBFC863ED4F34CF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):28907
                                                                                                                                                                                                                                                                    Entropy (8bit):5.879432259360809
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:DqiV0hjbpPbNHRV2g0JigYwrTUoBDVQrZ1ONsXhxvFr7qz9PMmlfQXDSbvoqZtPa:HVWZbmJiQU2QrrbxJcBMEbvoktPa
                                                                                                                                                                                                                                                                    MD5:9EC99EB75C9259A7B519D30D19180F42
                                                                                                                                                                                                                                                                    SHA1:4F8B0B3F0E67993B04FECED1192302310E0576DB
                                                                                                                                                                                                                                                                    SHA-256:9601CB9020858512BCAD51151397560B7C07D1E7B746303A7CB4A39C59EC6862
                                                                                                                                                                                                                                                                    SHA-512:D1527F780759B10789D7A93212B9A8AEEF12CB887A4AC9E0413B79E3621D7F89AF6CAAC65BE96E77A95CA5A24EFF7A848FF78DABD3F77E100427FE155E79156A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkippedDomains=whatsapp.
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):9923
                                                                                                                                                                                                                                                                    Entropy (8bit):7.980596399921627
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:pElGwtm0LxNIpU5WPtLydIQRclnfsuHgVpE9oOvPyUftlV49zofHhIsPo1KjM:pEYardKpUMP4RykuHgVpEb6UHVOzqHVY
                                                                                                                                                                                                                                                                    MD5:D0DE8F3E318B15ECA372C3A821D7E348
                                                                                                                                                                                                                                                                    SHA1:CF3CD77ADB84390948F800E4B2651CBAFE59C2D1
                                                                                                                                                                                                                                                                    SHA-256:370885691F2506F0A44E94C989A385AC91D8B6A1D900BA22C6753C9A6E826AFD
                                                                                                                                                                                                                                                                    SHA-512:BA3AF2873A6248BFAC13050602B6DEA46E3B275EB8065FCD2589B704D180A5ADB7FE965653A1BE8840318B40E7D685349B5E0F618CE1E8098641730896970412
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):831
                                                                                                                                                                                                                                                                    Entropy (8bit):5.147102281525264
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24:lcNaG0R/qmPvw5uAT3McqGry/lTKF2szCsO:lyaDHBopry/lTKrzCsO
                                                                                                                                                                                                                                                                    MD5:719795BCC89880C5232A4E6710E8CB52
                                                                                                                                                                                                                                                                    SHA1:48091ABC5C4DCDF5A10D6A06D4D3C19E5CD14B4C
                                                                                                                                                                                                                                                                    SHA-256:4EDF71106D017D9745AC382701CAE75C227D37E90BBBD2BCCE55739368C1A553
                                                                                                                                                                                                                                                                    SHA-512:D47CDC7A766A8AF29873B0D0CBD5572B0EC9A676E3D438BB10477436B424E447F4C86D051818FF6E5FA1378879487A9C07D933C9C06A7FB5B8CCB5A5CDA10EEB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:...[Shepherd]..ABTests=62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-bc63bbfcbda3ef73c9a0ab66059cb5dc04bc838bf26db3920f9cea2c5e4e78ba..ConfigVersion=4916..LastUpdate=1710362785..NextUpdate=1710466555..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3902920
                                                                                                                                                                                                                                                                    Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                    MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                    SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                    SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                    SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):18940824
                                                                                                                                                                                                                                                                    Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                    MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                    SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                    SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                    SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2412488
                                                                                                                                                                                                                                                                    Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                    MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                    SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                    SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):697
                                                                                                                                                                                                                                                                    Entropy (8bit):7.558417002159782
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:I7Tjui3yY3GcCdvTtI0eNT/QdqTibcHqkG2cGk3r8T0MGr6HZJSPRLuegY41KlPK:UTjKY3NCPI0IT6qvGNGk3rlVywFP41+i
                                                                                                                                                                                                                                                                    MD5:BF29642063BDB0E6D2CE1275486D834A
                                                                                                                                                                                                                                                                    SHA1:AD7CF97C43E60714CAC84AB03142948892086839
                                                                                                                                                                                                                                                                    SHA-256:2C652381CB6FDA9336E08677C325D6DEB50AD00CC3AD543E7AEBEB1FB2CF0B23
                                                                                                                                                                                                                                                                    SHA-512:F1845D8042252A00ECB0619CF7D6B740B1DAD31A6570915FF0C69B953201A361E2534016E6C570DFF0F81AAE6E8BF656509BBB5FEA895C1925ABD07C4D4DF46E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                                                                    Entropy (8bit):6.82095977908995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:Do/QuV7sBVIj+1q7TYI/ywBK/gUNB+8Rl4rEKZ4gn:MQuSC+gYCywEZRirE04gn
                                                                                                                                                                                                                                                                    MD5:EBBF83D0C91280A0F82708A0F42D4489
                                                                                                                                                                                                                                                                    SHA1:3A6CBE7580735C038CA28DA63515A30B26D36014
                                                                                                                                                                                                                                                                    SHA-256:A621744C13E67B489D066AF58F6FC93B20AD01397E81199B36E52F2964B44084
                                                                                                                                                                                                                                                                    SHA-512:2CA67E98A22545C679FB4E413392F68AE7B76DC46A8AC0CCF6D714F5D88A63BF6DB9FD2F2DAFB1DF1FB3FB5A0F583913170C6772431E56AAC0538552DDCC90FB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):75738
                                                                                                                                                                                                                                                                    Entropy (8bit):7.9978317410441795
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:1536:A5NHYD3OyZkiynQcVuoRwH1K6iTgPrKkTOkrTJSh8Ex+/ta:A5NHYDeYSuoRM1niTg+kT9FU8Eia
                                                                                                                                                                                                                                                                    MD5:6C71D4CE25D27A10827D436B272688FC
                                                                                                                                                                                                                                                                    SHA1:B871397B5BA78A13804A7FB1160A425ED408E3DE
                                                                                                                                                                                                                                                                    SHA-256:ADB39BC4BD2BFB7BF08F6C7F746BA392274D3BB89B561504A301A540D821DC44
                                                                                                                                                                                                                                                                    SHA-512:5C7CDEC279BBD657FDF88710602D548588D38E475E8FEA60B1A23366BE69CE90A65D4F311CF491A314EE58317B6D34D464333B4A55009069F1129C06954E57B2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4397
                                                                                                                                                                                                                                                                    Entropy (8bit):7.953199557337158
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:icRM59JIs3NdqkiJsVt05btsS1bSlv1/Zi0ulQuxQ5LIXGwcJHUYn:ickWUNdqH4t05JsSF81IlYLI2vHUK
                                                                                                                                                                                                                                                                    MD5:097D0EABD44E9BAF473C81819C3EC55B
                                                                                                                                                                                                                                                                    SHA1:BC2A92474BBDB4EDAF14C1C190B825EB6193EB48
                                                                                                                                                                                                                                                                    SHA-256:8698EDB56EA12329BD42D79E1E2FAF6CC9414DE598CF88F65408A01CE95E5011
                                                                                                                                                                                                                                                                    SHA-512:995041F9FC774BFC764E6CE4529F49BCAE367CDB229F582E8CD5E6AF352BF729CFE6F686379710B7AD3A74EFF703CBB5FEDE8B3639AFD2FBD2929269DFBD9727
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):11984
                                                                                                                                                                                                                                                                    Entropy (8bit):7.972915435409775
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:LCqzYVh4XXTCrVLp2szo5KFoHpt1o44xmEtNUhsCarKp5K64Tljrz87gCGGmi25/:LIKWJrZ2v1o/jtKE5645jv871RmhuKYk
                                                                                                                                                                                                                                                                    MD5:2BCF45F7202C6A6CB96022BB69A30293
                                                                                                                                                                                                                                                                    SHA1:B39FE07055E2C7C44F5800C1D1C427CCFA158E67
                                                                                                                                                                                                                                                                    SHA-256:F58FCD23B784BCD52F8B6EC982E6385024458F87428E11607A1497D12FF4F562
                                                                                                                                                                                                                                                                    SHA-512:C3B9E452A0E870E10DC18373B930A84715607BF7D1EBA529771868825867BB86CA8E499873D013DA55CAB9629482C8F4AD78FBE8A2B15F7D5C0B7E32DB3CCE15
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):7413
                                                                                                                                                                                                                                                                    Entropy (8bit):7.976453346545701
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:oV/nXw9vBJSKMtDaiAUjrdt9IjZ+5uhPOnX:o9nXw9vBGmA9bIk4ZOX
                                                                                                                                                                                                                                                                    MD5:F8D258C416A200CDBEE9796CA92349EC
                                                                                                                                                                                                                                                                    SHA1:8AC6F50E2EE598233A6712614986EC7548DBE309
                                                                                                                                                                                                                                                                    SHA-256:0C47CA13878279FE0EA6AF2688ABEB84FAB19CDEC2F5C87EC23DECE4B6CA81AE
                                                                                                                                                                                                                                                                    SHA-512:C6814877083C90FC086912E39385BC16279AAE2CC5A3E15CED74769590E34EC35D37837BB38499D5354B7E07BED9B3C0FD2BA11065F9F0A7FB479238CB38DF3D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):572
                                                                                                                                                                                                                                                                    Entropy (8bit):7.558614667533688
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:5xXyRBQNYQjvpcRWV+s6NniD6hJpte1lvkYQ/PG4y2Ln:vXkBeY2vpWWVDwiDtvfIvn
                                                                                                                                                                                                                                                                    MD5:0A054DF60D417F5FCBBF25FADB0E4AFE
                                                                                                                                                                                                                                                                    SHA1:A965157DCD73C2D6A5F833C9B2AC95BFEF2BE63A
                                                                                                                                                                                                                                                                    SHA-256:7E70B39519CCD50E544054FC436699D00B4595409BAB8FE2973DDD1D36B9F24E
                                                                                                                                                                                                                                                                    SHA-512:3308BB17E921C61DCD12E5B215901FA9CE70129B1A29FCB6D0AE4E31FE2002A9DEF29CA6D97703A0FB04DE8D90AB330356D84837C9169D92D45945DCC414E396
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):340
                                                                                                                                                                                                                                                                    Entropy (8bit):7.333553298086711
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:DulSVt/JaU+Tkbke90ml6Neqiyzs8fgPX7os4L+Uy6zMu/cikn1yNpvcE5Qun:KlY/kEj+ml6QvyAOgPXssien4xcE5n
                                                                                                                                                                                                                                                                    MD5:687BB9B1E8194ED49941D5F341B74ADA
                                                                                                                                                                                                                                                                    SHA1:8DAF1F3882D6F2DAFDD5FD3B9F209570E366C8EA
                                                                                                                                                                                                                                                                    SHA-256:3D5872A4FC8060B7F3186249360F8D6434F824C3B66B13CF5334251B7E7913ED
                                                                                                                                                                                                                                                                    SHA-512:9C8955369136F59EA8607F63AD9DF3F2E6090478F846779124C99AADCA1725E9DC1A494D273DDB1563A7034276413B4BED147F9AC9D94DE4179DCC9E31D53FB9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1539572
                                                                                                                                                                                                                                                                    Entropy (8bit):4.90411057802219
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:1536:jbaHndUNyN2XLYuCN4MjWCN4Qj5qpwNmvH5Rw+YGvRNpn3DMSMd5i45eRpCvWIOL:iH+NWVw7DEDF4cts
                                                                                                                                                                                                                                                                    MD5:225ACA22F30759664D53A10EC7584E7F
                                                                                                                                                                                                                                                                    SHA1:1C0CA6C6CE19584BF680106F85DE61A473F1AAE9
                                                                                                                                                                                                                                                                    SHA-256:36AAA459FC1257CD61B866B4B484A23CCE20BD6327315A06E05F4DCA0348DE58
                                                                                                                                                                                                                                                                    SHA-512:EADFC779CE8CC21B0E42546BDFED9581F48C185092CA280832EA03DC49913410ECF346F2DCDEE69CEBE4DFCB07308E18ECFB02BB96FD79C5BE8E4619195967C5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20376
                                                                                                                                                                                                                                                                    Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                    MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                    SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                    SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                    SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):30252
                                                                                                                                                                                                                                                                    Entropy (8bit):5.13575811717365
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1d:Z9otwD4X63hwryPIBWrMYhOv+n8Z4D
                                                                                                                                                                                                                                                                    MD5:40166991E6A6F3904FC7FC1534D3A02E
                                                                                                                                                                                                                                                                    SHA1:8B54C8E1D2F629A2DFBA28199143A9FE3B3A0877
                                                                                                                                                                                                                                                                    SHA-256:F9EFA12E70BDDFD67D8267FE5474D319D8AF311FB459C626BF79C4B1B4BB003E
                                                                                                                                                                                                                                                                    SHA-512:532AF389AC35C9F0BA4696255C1379CF34743A0F56EC8935F328E866D74FE745D567E366D3AC1EDE183F19A40BFD3AC5DDFC1729639AC32272FB8D9F454E85E7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):30252
                                                                                                                                                                                                                                                                    Entropy (8bit):5.13575811717365
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1d:Z9otwD4X63hwryPIBWrMYhOv+n8Z4D
                                                                                                                                                                                                                                                                    MD5:40166991E6A6F3904FC7FC1534D3A02E
                                                                                                                                                                                                                                                                    SHA1:8B54C8E1D2F629A2DFBA28199143A9FE3B3A0877
                                                                                                                                                                                                                                                                    SHA-256:F9EFA12E70BDDFD67D8267FE5474D319D8AF311FB459C626BF79C4B1B4BB003E
                                                                                                                                                                                                                                                                    SHA-512:532AF389AC35C9F0BA4696255C1379CF34743A0F56EC8935F328E866D74FE745D567E366D3AC1EDE183F19A40BFD3AC5DDFC1729639AC32272FB8D9F454E85E7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2453
                                                                                                                                                                                                                                                                    Entropy (8bit):7.908696741315511
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:D31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk38Cftn:Bo/ORmknx5Mt4+Go6G1V9f6OQ+QPMtn
                                                                                                                                                                                                                                                                    MD5:EE9CA03492C36A80F121CE875F37EE49
                                                                                                                                                                                                                                                                    SHA1:5FB09D00C2FFF875092C7578B382E86747C1353E
                                                                                                                                                                                                                                                                    SHA-256:88796CDDC56ADF9E49738EE870981EF8BB0711D576D431DE619D7F1D96EC4969
                                                                                                                                                                                                                                                                    SHA-512:4F714578DA12804A7C8E7C3416D9BD71315CB101A7E2649DD47FAA4BF5EF43699C957491C1751A630AF12D3D37665D28940CB4BC7571A21F2E5C315EF1FF037B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4159384
                                                                                                                                                                                                                                                                    Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                    MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                    SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                    SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                    SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):39810
                                                                                                                                                                                                                                                                    Entropy (8bit):4.746658403977665
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:KuvwPBDA2JOzk6xdyPBnElynDWpphobBsv2Wm0MzNzUvuFqzeuxd9XJBzXO:Pzkq5lTj6
                                                                                                                                                                                                                                                                    MD5:D8573C5F8E4662576AD0CDEAFF56A7FF
                                                                                                                                                                                                                                                                    SHA1:41FE03B91C9FAF6B5C4DD196CD1A852B691F1416
                                                                                                                                                                                                                                                                    SHA-256:B9A5159B0CC11112B83B43D8CF4E5184CE57E5ED322153D8264E32CF4ED28F68
                                                                                                                                                                                                                                                                    SHA-512:5729337268A6D6A3876309CC85A69D393457A83227DC30D77A14F29C55B110B789FED890CFF1451AA4DC9B15810724E8FBE52E9D4971CE93A7116B3BFBA7710E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.2">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />..
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):15800
                                                                                                                                                                                                                                                                    Entropy (8bit):7.98838996987327
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:6WFhM1B75AbtWCalKC+h9KMoJY2hZdFkIkWTjmQdV+Af:3mfAbAYC+hcyE3Fkti1
                                                                                                                                                                                                                                                                    MD5:AAB0048FDF151FBACDFB0DBAB5228238
                                                                                                                                                                                                                                                                    SHA1:1A5F6A03D746D003F1062413D09191EB89C1E7AE
                                                                                                                                                                                                                                                                    SHA-256:E977AEE7ED23369DAEC697B4C4233368252FE7CE584630E24F279EC1180D0C59
                                                                                                                                                                                                                                                                    SHA-512:615EDD5CA960BF8B9710F033DE4D17B18D1919D6BC82CD324E3133816AF8B8D4AEC68050FFD5EEE306A9C74B131DA7E08A6DE82D64C88433AB3D461FB333E78E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):30104
                                                                                                                                                                                                                                                                    Entropy (8bit):6.81245023656339
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:G9FY0CyNuzvD+BLQnG1JVpgllhZgKR1svYx6ebkHQ7nIYiWrAAM+o/8E9VF0NyA4:UxCUKKBcns+DZgqsQsw7IYi7AMxkE9
                                                                                                                                                                                                                                                                    MD5:5B27033D9017E2F4C26F79036B4AB55E
                                                                                                                                                                                                                                                                    SHA1:29FF3896E9839082E46EB2F63DE213A0181BB201
                                                                                                                                                                                                                                                                    SHA-256:E56A6E77A4FDC4D62634A4F92A202A9D02E382C253C4BF11E5AD338D1DCB3BB1
                                                                                                                                                                                                                                                                    SHA-512:353492F13C791AFAB222D0054095BF2ACC25470FE598C17121DBE106B0D05189B72D1B09A48CA88271501DDCA52F1B3CC70E94679DC51B8316DCB7AE8C30B86C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16863
                                                                                                                                                                                                                                                                    Entropy (8bit):7.9882898526517145
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:lhOf4uYbglNtuqWRIk02FT+jn5I506abKP2uFhaDLVqnkgl9Ou1:Pm4uY0bUikPFSj5Mcbu0xqk09X
                                                                                                                                                                                                                                                                    MD5:E02EEFC39B04DB8951449C945CD93472
                                                                                                                                                                                                                                                                    SHA1:FF85556AFDDDFB6D71BEB2288FC76075465D21AA
                                                                                                                                                                                                                                                                    SHA-256:F1F64057B28940C6B0233049D0AB6A2C9A5B5FBD01528E1E0AFA00D1CA4248FD
                                                                                                                                                                                                                                                                    SHA-512:FD49E3B113EDA1078DC77261D7CDADD468008F05EEA5FA786730A99B98200E18FD6F9F28A0A72C6C4E5810CFD96766588490B0AC61C83BC773F122434055A19E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):10881
                                                                                                                                                                                                                                                                    Entropy (8bit):7.985037092366453
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:bI4cpCo1QZHW1Fq0hOS0pnkfVolDa70NsmnpuaA4HdpJmls4idWCsypfsWGs9H:bI4cpNQZeFl+nmUDO0jrA4Hd89iduypT
                                                                                                                                                                                                                                                                    MD5:8DA67324E5F113F1A0BC65502EDB0EC4
                                                                                                                                                                                                                                                                    SHA1:8D3F0D73F8021E8F00663E2D75DD4A21C0ABDDE5
                                                                                                                                                                                                                                                                    SHA-256:409369A85776A924F7DB453FF98B41C7C7A0D14C2BDE4456285699C2A4A0AA95
                                                                                                                                                                                                                                                                    SHA-512:D9816D89BA20389E08427BA102C53F8A83D1FA62BAEF9A7A3EFA461F6F4E2E001BF7E6DBCDB143A532419C5CAA84B249EEEFC25FFA6BC75119C2D3B83044D901
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Process:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):55198
                                                                                                                                                                                                                                                                    Entropy (8bit):5.024970869316582
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:384:pvuCUuAU7soerqmZwyCW+TDgE9aW4EolvdpPIgZl94+dM03JYzOPz91ra77a97sq:pvuCUuAUQJ/lSh6Uou5TL5kv
                                                                                                                                                                                                                                                                    MD5:DA2287D5BA98386C3E1C897FC7F2F15A
                                                                                                                                                                                                                                                                    SHA1:FCB71BAE4603A983B3312598B2218650D9FC9684
                                                                                                                                                                                                                                                                    SHA-256:9FF0BADD06CFDCDE8320685072F0FDC990656202F997FF54016982774D295F01
                                                                                                                                                                                                                                                                    SHA-512:7D2F4B3C1DFF6BF21B65F94A12990349F24633B398705957AF0764EBAE21A346B31140F7CF530DA23E7330EBE5CC0E10491BD50A0504594FF8AC481CE7D220E0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Entropy (8bit):6.389832495797103
                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                    File name:Microstub.exe
                                                                                                                                                                                                                                                                    File size:263'576 bytes
                                                                                                                                                                                                                                                                    MD5:02bd5dd672a21a001e4b82e2a6031d30
                                                                                                                                                                                                                                                                    SHA1:777476e4e9bab85545e977279572b38d83869261
                                                                                                                                                                                                                                                                    SHA256:c230c739f9107e8fd871f2158e2299e010679aed34fb419cd8c9acc8cc4a9a24
                                                                                                                                                                                                                                                                    SHA512:df3cdfae583c8f1a5d7e7ea002b25f2de43490454fc02aff93232276c50d2af73ca3842ac0744ab8b7c30d0f8d1f57c69c97bddef6c520522d4adefa2e902e0a
                                                                                                                                                                                                                                                                    SSDEEP:3072:z2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh0rn+x:z0KgGwHqwOOELha+sm2D2+Uhngu0AS
                                                                                                                                                                                                                                                                    TLSH:BA4426116D908062E1B61A30E5BCBA715A6D7FF00B7088DF53B07E2E3F751D2A635B62
                                                                                                                                                                                                                                                                    Icon Hash:8e133369490d074c
                                                                                                                                                                                                                                                                    Entrypoint:0x401020
                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                    Time Stamp:0x64366D75 [Wed Apr 12 08:36:05 2023 UTC]
                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                    Import Hash:79b68a12e4eb6aa0c59dd1289006924f
                                                                                                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                    Error Number:0
                                                                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                                                                    • 16/09/2022 02:00:00 18/09/2025 01:59:59
                                                                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                                                                    • CN=Avast Software s.r.o., O=Avast Software s.r.o., L=Praha, C=CZ
                                                                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                                                                    Thumbprint MD5:F65D3D51A1CE5FCAF5F4A6104C638258
                                                                                                                                                                                                                                                                    Thumbprint SHA-1:50ED9B8496344F0895FC6C5500865B15B678D105
                                                                                                                                                                                                                                                                    Thumbprint SHA-256:AD4D810955F27494D8B9CC8E4456D0A9A8976D5E7E70858FC7486C463D233EB7
                                                                                                                                                                                                                                                                    Serial:0902B36B3251C328083F777CA08428FF
                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                                                                    push 00000001h
                                                                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                                                                    call dword ptr [004230F4h]
                                                                                                                                                                                                                                                                    push 0042359Ch
                                                                                                                                                                                                                                                                    call dword ptr [00423104h]
                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                    je 00007FBBD4DFA2D7h
                                                                                                                                                                                                                                                                    push 004235B8h
                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                    call dword ptr [00423248h]
                                                                                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                                                                                    test esi, esi
                                                                                                                                                                                                                                                                    je 00007FBBD4DFA2C5h
                                                                                                                                                                                                                                                                    push 00000800h
                                                                                                                                                                                                                                                                    mov ecx, esi
                                                                                                                                                                                                                                                                    call dword ptr [004232ECh]
                                                                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                    jne 00007FBBD4DFA2F1h
                                                                                                                                                                                                                                                                    push 004235D4h
                                                                                                                                                                                                                                                                    call dword ptr [0042310Ch]
                                                                                                                                                                                                                                                                    push 004235D8h
                                                                                                                                                                                                                                                                    call dword ptr [00423104h]
                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                    je 00007FBBD4DFA2D7h
                                                                                                                                                                                                                                                                    push 004235ECh
                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                    call dword ptr [00423248h]
                                                                                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                                                                                    test esi, esi
                                                                                                                                                                                                                                                                    je 00007FBBD4DFA2C5h
                                                                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                                                                    push 00401100h
                                                                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                                                                    mov ecx, esi
                                                                                                                                                                                                                                                                    call dword ptr [004232ECh]
                                                                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                                                                    push 0000000Ah
                                                                                                                                                                                                                                                                    call dword ptr [004230FCh]
                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                    jne 00007FBBD4DFA2CAh
                                                                                                                                                                                                                                                                    push 00002777h
                                                                                                                                                                                                                                                                    call 00007FBBD4DFCD6Dh
                                                                                                                                                                                                                                                                    add esp, 04h
                                                                                                                                                                                                                                                                    push C000001Dh
                                                                                                                                                                                                                                                                    call dword ptr [004230F8h]
                                                                                                                                                                                                                                                                    call 00007FBBD4E011CAh
                                                                                                                                                                                                                                                                    cmp eax, 05010300h
                                                                                                                                                                                                                                                                    jnc 00007FBBD4DFA2CAh
                                                                                                                                                                                                                                                                    push 00002778h
                                                                                                                                                                                                                                                                    call 00007FBBD4DFCD49h
                                                                                                                                                                                                                                                                    add esp, 04h
                                                                                                                                                                                                                                                                    push 0000047Eh
                                                                                                                                                                                                                                                                    call dword ptr [000030F8h]
                                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                    • [C++] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bfd4 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31000 | 0xf348 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3dc48 | 0x2950 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41000 | 0x1cb8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2a570 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2a5e0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24d60 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2ec | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bd54 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x216ca | 0x21800 | f3aa9bfe0e0173b2d8dbf69e0f7b5c30 | False | 0.5465980643656716 | data | 6.552507871447298 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x23000 | 0xa060 | 0xa200 | f1313dbc7d48a2854099a510bfc2275f | False | 0.4890528549382716 | data | 5.400803596600892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2e000 | 0x15c0 | 0xa00 | e676ce13014a1fea1d94c6052cb98545 | False | 0.20546875 | data | 2.7943028087818473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x30000 | 0x4c | 0x200 | f2ff10bf470db291929511a1884e701b | False | 0.111328125 | data | 0.6949183674939895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x31000 | 0xf348 | 0xf400 | 535c79c29ec674fa70ff314de4bc4913 | False | 0.3526191086065574 | data | 4.956889230471455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x41000 | 0x1cb8 | 0x1e00 | b242d5c80ab78d037235c071e32e80d5 | False | 0.7776041666666667 | data | 6.568397975609428 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x31740 | 0x5d9 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.9926519706078825
PNG | 0x31d20 | 0x6e2 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.8671963677639046
RT_ICON | 0x32408 | 0x2140 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9937734962406015
RT_ICON | 0x34548 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.12659423712801135
RT_ICON | 0x38770 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.19387966804979254
RT_ICON | 0x3ad18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2319418386491557
RT_ICON | 0x3bdc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.41400709219858156
RT_STRING | 0x3c228 | 0x74 | Matlab v4 mat-file (little endian) v, numeric, rows 0, columns 0 | English | United States | 0.5086206896551724
RT_STRING | 0x3c2a0 | 0x160 | data | English | United States | 0.4914772727272727
RT_STRING | 0x3c400 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c448 | 0x2b6 | data | English | United States | 0.18011527377521613
RT_STRING | 0x3c700 | 0x4a | data | English | United States | 0.6486486486486487
RT_STRING | 0x3c750 | 0x50 | data | French | France | 0.65
RT_STRING | 0x3c7a0 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3c7f0 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3c840 | 0x4a | data |  |  | 0.6486486486486487
RT_STRING | 0x3c890 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c8d8 | 0x48 | data | French | France | 0.6388888888888888
RT_STRING | 0x3c920 | 0x48 | data | Portuguese | Brazil | 0.6388888888888888
RT_STRING | 0x3c968 | 0x48 | data | Russian | Russia | 0.6388888888888888
RT_STRING | 0x3c9b0 | 0x48 | data |  |  | 0.6388888888888888
RT_STRING | 0x3c9f8 | 0x82 | data | English | United States | 0.6230769230769231
RT_STRING | 0x3ca80 | 0x64 | data | French | France | 0.61
RT_STRING | 0x3cae8 | 0x5e | data | Portuguese | Brazil | 0.5851063829787234
RT_STRING | 0x3cb48 | 0x5e | data | Russian | Russia | 0.5851063829787234
RT_STRING | 0x3cba8 | 0x5e | data |  |  | 0.5851063829787234
RT_STRING | 0x3cc08 | 0xa4 | data | English | United States | 0.4817073170731707
RT_STRING | 0x3ccb0 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3cd10 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3cd70 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3cdd0 | 0x5c | data |  |  | 0.5543478260869565
RT_STRING | 0x3ce30 | 0xc0 | data | English | United States | 0.5833333333333334
RT_STRING | 0x3cef0 | 0x50 | data | French | France | 0.6625
RT_STRING | 0x3cf40 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3cf90 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3cfe0 | 0x4a | data |  |  | 0.6486486486486487
RT_STRING | 0x3d030 | 0x160 | data | English | United States | 0.32670454545454547
RT_STRING | 0x3d190 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3d1f0 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3d250 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3d2b0 | 0x5c | data |  |  | 0.5543478260869565
RT_STRING | 0x3d310 | 0x756 | data | English | United States | 0.3141640042598509
RT_STRING | 0x3da68 | 0x930 | data | French | France | 0.31079931972789115
RT_STRING | 0x3e398 | 0x7ea | data | Portuguese | Brazil | 0.31638696939782823
RT_STRING | 0x3eb88 | 0x7ec | data | Russian | Russia | 0.34911242603550297
RT_STRING | 0x3f378 | 0x84e | data |  |  | 0.3156161806208843
RT_GROUP_ICON | 0x3fbc8 | 0x4c | data | English | United States | 0.7894736842105263
RT_VERSION | 0x3fc18 | 0x2f8 | data | English | United States | 0.4723684210526316
RT_MANIFEST | 0x3ff10 | 0x437 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1019), with CRLF line terminators | English | United States | 0.5041705282669138
DLL | Import
KERNEL32.dll | SetLastError, Sleep, GetFileSizeEx, WriteFile, SetEndOfFile, SetFilePointerEx, LocalFree, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, EnumResourceNamesW, GetWindowsDirectoryW, CreateDirectoryW, CreateFileW, CreateThread, GetSystemTimeAsFileTime, GetNativeSystemInfo, lstrcatA, lstrlenA, GetVersionExA, GetCurrentProcess, GetExitCodeProcess, ResumeThread, ReleaseMutex, WaitForSingleObject, CreateMutexW, CreateProcessW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, CopyFileW, MoveFileExW, CreateHardLinkW, HeapAlloc, GetProcessHeap, HeapSetInformation, ExitProcess, IsProcessorFeaturePresent, lstrcpyW, GetModuleHandleW, GetSystemDirectoryW, SetDllDirectoryW, InterlockedExchange, LockResource, WriteConsoleW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetLastError, HeapFree, InterlockedExchangeAdd, GetVersionExW, FindResourceW, LoadLibraryW, SizeofResource, LoadResource, GlobalFree, GlobalUnlock, GlobalLock, FindClose, GetFileType, GetStringTypeW, GlobalAlloc, FreeLibrary, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, LoadLibraryA, DecodePointer, GetVersion, HeapDestroy, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DeviceIoControl, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, OutputDebugStringW, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, GetACP, GetProcAddress
USER32.dll | GetMessageW, TranslateMessage, DispatchMessageW, SendMessageW, AllowSetForegroundWindow, PostMessageW, wsprintfA, LoadStringW, MessageBoxExW, wsprintfW, SystemParametersInfoW, IsDialogMessageW, LoadImageW, DestroyIcon, FindWindowW, FillRect, GetWindowRect, InvalidateRect, EndPaint, BeginPaint, ReleaseDC, GetDC, SetForegroundWindow, GetSystemMetrics, KillTimer, SetTimer, SetFocus, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, PostQuitMessage, DefWindowProcW
GDI32.dll | GetTextExtentPoint32W, GetObjectW, CreateDIBSection, SelectObject, CreateFontIndirectW, DeleteObject, CreateSolidBrush, CreatePatternBrush
ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, GetSidSubAuthorityCount, GetSidSubAuthority, IsValidSid, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorA
ole32.dll | CoCreateInstance, CreateStreamOnHGlobal, CoUninitialize, CoInitializeEx
COMCTL32.dll |
Language of compilation system | Country where language is spoken | Map
English | United States |
French | France |
Portuguese | Brazil |
Russian | Russia |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.273332119 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.273742914 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.278812885 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.278821945 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.279087067 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.331773996 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.342941999 CET49712443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.343055964 CET49712443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.343065977 CET4434971234.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.343216896 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.343216896 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.343230963 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.566080093 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.566150904 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.566376925 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.573638916 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.573638916 CET49713443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.573656082 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.573664904 CET4434971334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.628451109 CET4434971234.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.628515005 CET4434971234.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.628597021 CET49712443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.674354076 CET49712443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:21.674385071 CET4434971234.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.044945002 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.044991016 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.045058012 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.045707941 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.045717955 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.313813925 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.313883066 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.350375891 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.350414991 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.351373911 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.366408110 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.366513968 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.366527081 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.608601093 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.608688116 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.608736992 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.715826988 CET49714443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:22.715872049 CET4434971434.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.005625963 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.005670071 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.005762100 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.006377935 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.006387949 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.282095909 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.282198906 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.285381079 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.285391092 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.285669088 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.286524057 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.286617041 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.286621094 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.579668999 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.579741955 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.579798937 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.580379963 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.580398083 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.580456018 CET49716443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.580461979 CET4434971634.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.798435926 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.798470020 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.798542976 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.800781012 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.800797939 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.997479916 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:23.997539043 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.000118971 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.000128031 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.000374079 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.050180912 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.124599934 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.124866962 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.124882936 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.170877934 CET49718443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.170903921 CET4434971834.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.170981884 CET49718443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.171694040 CET49718443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.171703100 CET4434971834.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.345829964 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.345921040 CET4434971734.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:24.345967054 CET49717443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.188079119 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.188090086 CET49738443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.188095093 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.188254118 CET49738443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194461107 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194545984 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194664001 CET49738443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194686890 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194695950 CET49738443192.168.2.834.160.176.28
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:42.194703102 CET4434973834.160.176.28192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.329655886 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.329693079 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.329770088 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.333939075 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.333956003 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.416435003 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.416475058 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.416539907 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.417454004 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.417480946 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.608150005 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.608253956 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.612034082 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.612049103 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.612313986 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.614310980 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.614420891 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.614428043 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.691374063 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.691454887 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.697746992 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.697767019 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.698046923 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.698688030 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.698807955 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.698815107 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.899665117 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.899743080 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.899817944 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.900259972 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.900285959 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.900321960 CET49739443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.900327921 CET4434973934.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.982717037 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.982781887 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.982873917 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.983525991 CET49740443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.983546019 CET4434974034.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:19.128931999 CET4970780192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:19.258100986 CET804970734.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:19.258193016 CET4970780192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.278301954 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.278345108 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.278424978 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.279254913 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.279266119 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.555115938 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.555315971 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.559526920 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.559545994 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.559894085 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.562273979 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.562674999 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.562695026 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.845557928 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.845653057 CET4434974334.117.223.223192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.845782995 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.846431971 CET49743443192.168.2.834.117.223.223
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:47:44.846453905 CET4434974334.117.223.223192.168.2.8
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:26.996931076 CET5236953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:26.997495890 CET5256553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:26.998853922 CET5105853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:26.999509096 CET5256553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.000930071 CET5159953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.001482010 CET5256553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.002877951 CET6266153192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.952481985 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.959502935 CET6093653192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.960208893 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.962380886 CET6525953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.962380886 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.964345932 CET5883053192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.964867115 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.966717005 CET5153353192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.967372894 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.969305038 CET6117653192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.969960928 CET5763853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.974570036 CET6307653192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.094708920 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.097096920 CET5717953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.097096920 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.099494934 CET6447653192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.100024939 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.102274895 CET5788453192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.102550030 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.104795933 CET5789253192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.104795933 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.106962919 CET5015553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.106962919 CET6308853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.108858109 CET6322253192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.385961056 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.387844086 CET6127753192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.388461113 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.389769077 CET4957853192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.390275955 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.392894030 CET6181453192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.393459082 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.394975901 CET6117353192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.395467043 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.397053957 CET4972753192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.397655964 CET6323553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.399241924 CET5224753192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.572577953 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.574512005 CET6286453192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.575030088 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.576998949 CET4994353192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.577696085 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.578957081 CET6330353192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.579508066 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.581290960 CET6106253192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.582808018 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.584892988 CET5484753192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.585561991 CET5225953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.586774111 CET6479953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:41.393584013 CET5892453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:41.483151913 CET53589241.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.371236086 CET5892553192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.373569965 CET5108953192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.459369898 CET53589258.8.8.8192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.461901903 CET53510898.8.8.8192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.838587999 CET5109153192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.840595961 CET6082253192.168.2.88.8.8.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.926629066 CET53510918.8.8.8192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.929007053 CET53608228.8.8.8192.168.2.8
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.326422930 CET6082353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.415157080 CET53608231.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.000930071 CET192.168.2.88.8.8.80xa88dStandard query (0)s-iavs9x.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.001482010 CET192.168.2.88.8.8.80xc109Standard query (0)w5805295.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.002877951 CET192.168.2.88.8.8.80x3602Standard query (0)w5805295.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.952481985 CET192.168.2.88.8.8.80x7645Standard query (0)m0658849.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.959502935 CET192.168.2.88.8.8.80x6a23Standard query (0)m0658849.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.960208893 CET192.168.2.88.8.8.80xdb8cStandard query (0)n2833777.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.962380886 CET192.168.2.88.8.8.80xf660Standard query (0)n2833777.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.962380886 CET192.168.2.88.8.8.80xe12Standard query (0)n4291289.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.964345932 CET192.168.2.88.8.8.80xd41cStandard query (0)n4291289.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.964867115 CET192.168.2.88.8.8.80x1379Standard query (0)r0965026.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.966717005 CET192.168.2.88.8.8.80x389aStandard query (0)r0965026.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.967372894 CET192.168.2.88.8.8.80x7dd5Standard query (0)r3802239.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.969305038 CET192.168.2.88.8.8.80x6471Standard query (0)r3802239.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.969960928 CET192.168.2.88.8.8.80xd67aStandard query (0)s-iavs9x.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:38.974570036 CET192.168.2.88.8.8.80xf93cStandard query (0)s-iavs9x.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.094708920 CET192.168.2.88.8.8.80xd479Standard query (0)m0658849.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.097096920 CET192.168.2.88.8.8.80xc26cStandard query (0)m0658849.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.097096920 CET192.168.2.88.8.8.80xa893Standard query (0)n2833777.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.099494934 CET192.168.2.88.8.8.80xc96fStandard query (0)n2833777.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.100024939 CET192.168.2.88.8.8.80x24e6Standard query (0)n4291289.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.102274895 CET192.168.2.88.8.8.80xa17fStandard query (0)n4291289.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.102550030 CET192.168.2.88.8.8.80x5099Standard query (0)r0965026.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.104795933 CET192.168.2.88.8.8.80xf45fStandard query (0)r0965026.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.104795933 CET192.168.2.88.8.8.80x7e66Standard query (0)r3802239.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.106962919 CET192.168.2.88.8.8.80x7b6eStandard query (0)r3802239.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.106962919 CET192.168.2.88.8.8.80x8267Standard query (0)s-iavs9x.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.108858109 CET192.168.2.88.8.8.80xfeddStandard query (0)s-iavs9x.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.385961056 CET192.168.2.88.8.8.80x16a3Standard query (0)c3978047.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.387844086 CET192.168.2.88.8.8.80x645cStandard query (0)c3978047.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.388461113 CET192.168.2.88.8.8.80x7fb0Standard query (0)f3461309.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.389769077 CET192.168.2.88.8.8.80xf185Standard query (0)f3461309.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.390275955 CET192.168.2.88.8.8.80xeed9Standard query (0)h4444966.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.392894030 CET192.168.2.88.8.8.80xb17bStandard query (0)h4444966.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.393459082 CET192.168.2.88.8.8.80x2490Standard query (0)r0965026.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.394975901 CET192.168.2.88.8.8.80x563dStandard query (0)r0965026.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.395467043 CET192.168.2.88.8.8.80x8d3dStandard query (0)s-vps18tiny.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.397053957 CET192.168.2.88.8.8.80x5dd2Standard query (0)s-vps18tiny.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.397655964 CET192.168.2.88.8.8.80x811cStandard query (0)t1024579.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.399241924 CET192.168.2.88.8.8.80x1587Standard query (0)t1024579.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.572577953 CET192.168.2.88.8.8.80xf9c3Standard query (0)c3978047.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.574512005 CET192.168.2.88.8.8.80xc310Standard query (0)c3978047.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.575030088 CET192.168.2.88.8.8.80x4146Standard query (0)f3461309.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.576998949 CET192.168.2.88.8.8.80xe087Standard query (0)f3461309.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.577696085 CET192.168.2.88.8.8.80x700bStandard query (0)h4444966.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.578957081 CET192.168.2.88.8.8.80xd562Standard query (0)h4444966.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.579508066 CET192.168.2.88.8.8.80x3a5bStandard query (0)r0965026.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.581290960 CET192.168.2.88.8.8.80x529dStandard query (0)r0965026.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.582808018 CET192.168.2.88.8.8.80x361dStandard query (0)s-vps18tiny.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.584892988 CET192.168.2.88.8.8.80xf14Standard query (0)s-vps18tiny.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.585561991 CET192.168.2.88.8.8.80x73b9Standard query (0)t1024579.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.586774111 CET192.168.2.88.8.8.80x800fStandard query (0)t1024579.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:41.393584013 CET192.168.2.81.1.1.10x845Standard query (0)shepherd.ff.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.371236086 CET192.168.2.88.8.8.80x78c1Standard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.373569965 CET192.168.2.88.8.8.80x43c3Standard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.838587999 CET192.168.2.88.8.8.80x4df5Standard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.840595961 CET192.168.2.88.8.8.80xfa0bStandard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:45.326422930 CET192.168.2.81.1.1.10xceefStandard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:26.971864939 CET8.8.8.8192.168.2.80xc310No error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.086524963 CET8.8.8.8192.168.2.80x852bNo error (0)b8003600.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.086894989 CET8.8.8.8192.168.2.80x51c3No error (0)b8003600.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.088318110 CET8.8.8.8192.168.2.80x8706No error (0)h4305360.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.089720964 CET8.8.8.8192.168.2.80x2f61No error (0)h4305360.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.090589046 CET8.8.8.8192.168.2.80xb493No error (0)p9854759.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.090708971 CET8.8.8.8192.168.2.80x9f09No error (0)l7814800.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.093683958 CET8.8.8.8192.168.2.80x4b0eNo error (0)l7814800.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.095022917 CET8.8.8.8192.168.2.80xc109No error (0)w5805295.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.096225977 CET8.8.8.8192.168.2.80xa88dNo error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.096241951 CET8.8.8.8192.168.2.80xc4aNo error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.098015070 CET8.8.8.8192.168.2.80x3b2fNo error (0)p9854759.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:27.099327087 CET8.8.8.8192.168.2.80x3602No error (0)w5805295.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.047278881 CET8.8.8.8192.168.2.80x7645No error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.055469990 CET8.8.8.8192.168.2.80xdb8cNo error (0)n2833777.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.055742025 CET8.8.8.8192.168.2.80xe12No error (0)n4291289.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.055973053 CET8.8.8.8192.168.2.80xf660No error (0)n2833777.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.056416988 CET8.8.8.8192.168.2.80x6a23No error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.058918953 CET8.8.8.8192.168.2.80x1379No error (0)r0965026.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.060755968 CET8.8.8.8192.168.2.80x389aNo error (0)r0965026.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.063565969 CET8.8.8.8192.168.2.80x6471No error (0)r3802239.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.074054003 CET8.8.8.8192.168.2.80xd41cNo error (0)n4291289.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.074285030 CET8.8.8.8192.168.2.80xf93cNo error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.077357054 CET8.8.8.8192.168.2.80x7dd5No error (0)r3802239.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.080338955 CET8.8.8.8192.168.2.80xd67aNo error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.188846111 CET8.8.8.8192.168.2.80xd479No error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.191116095 CET8.8.8.8192.168.2.80xa893No error (0)n2833777.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.193399906 CET8.8.8.8192.168.2.80xc96fNo error (0)n2833777.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.197211027 CET8.8.8.8192.168.2.80xc26cNo error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.199537039 CET8.8.8.8192.168.2.80x7e66No error (0)r3802239.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.200906038 CET8.8.8.8192.168.2.80xa17fNo error (0)n4291289.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.203411102 CET8.8.8.8192.168.2.80x7b6eNo error (0)r3802239.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.204132080 CET8.8.8.8192.168.2.80xf45fNo error (0)r0965026.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.204338074 CET8.8.8.8192.168.2.80x8267No error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.205689907 CET8.8.8.8192.168.2.80xfeddNo error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.209718943 CET8.8.8.8192.168.2.80x24e6No error (0)n4291289.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:39.212419987 CET8.8.8.8192.168.2.80x5099No error (0)r0965026.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.483680010 CET8.8.8.8192.168.2.80x16a3No error (0)c3978047.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.487310886 CET8.8.8.8192.168.2.80xeed9No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.487328053 CET8.8.8.8192.168.2.80x2490No error (0)r0965026.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.487343073 CET8.8.8.8192.168.2.80x7fb0No error (0)f3461309.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.491513968 CET8.8.8.8192.168.2.80x563dNo error (0)r0965026.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.491532087 CET8.8.8.8192.168.2.80xb17bNo error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.493261099 CET8.8.8.8192.168.2.80xf185No error (0)f3461309.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.493278027 CET8.8.8.8192.168.2.80x645cNo error (0)c3978047.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.493293047 CET8.8.8.8192.168.2.80x8d3dNo error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.496012926 CET8.8.8.8192.168.2.80x811cNo error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.496031046 CET8.8.8.8192.168.2.80x5dd2No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.499386072 CET8.8.8.8192.168.2.80x1587No error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.671983957 CET8.8.8.8192.168.2.80xc310No error (0)c3978047.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.672012091 CET8.8.8.8192.168.2.80x700bNo error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.672367096 CET8.8.8.8192.168.2.80xf9c3No error (0)c3978047.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.673937082 CET8.8.8.8192.168.2.80x3a5bNo error (0)r0965026.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.675863028 CET8.8.8.8192.168.2.80xd562No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.677151918 CET8.8.8.8192.168.2.80xe087No error (0)f3461309.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.678328037 CET8.8.8.8192.168.2.80x4146No error (0)f3461309.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.680200100 CET8.8.8.8192.168.2.80x361dNo error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.680634022 CET8.8.8.8192.168.2.80x800fNo error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.683993101 CET8.8.8.8192.168.2.80xf14No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.686825037 CET8.8.8.8192.168.2.80x73b9No error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:40.691349983 CET8.8.8.8192.168.2.80x529dNo error (0)r0965026.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:41.483151913 CET1.1.1.1192.168.2.80x845No error (0)shepherd.ff.avast.comshepherd-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.459369898 CET8.8.8.8192.168.2.80x78c1No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.459369898 CET8.8.8.8192.168.2.80x78c1No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.459369898 CET8.8.8.8192.168.2.80x78c1No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                    Mar 13, 2024 21:46:44.461901903 CET8.8.8.8192.168.2.80x43c3No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
Mar 13, 2024 21:46:44.461901903 CET | 8.8.8.8 | 192.168.2.8 | 0x43c3 | No error (0) | analytics.ff.avast.com | analytics-prod-gcp.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:44.461901903 CET | 8.8.8.8 | 192.168.2.8 | 0x43c3 | No error (0) | analytics-prod-gcp.ff.avast.com | 34.117.223.223 | A (IP address) | IN (0x0001) | false
Mar 13, 2024 21:46:44.926629066 CET | 8.8.8.8 | 192.168.2.8 | 0x4df5 | No error (0) | v7event.stats.avast.com | analytics.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:44.926629066 CET | 8.8.8.8 | 192.168.2.8 | 0x4df5 | No error (0) | analytics.ff.avast.com | analytics-prod-gcp.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:44.929007053 CET | 8.8.8.8 | 192.168.2.8 | 0xfa0b | No error (0) | v7event.stats.avast.com | analytics.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:44.929007053 CET | 8.8.8.8 | 192.168.2.8 | 0xfa0b | No error (0) | analytics.ff.avast.com | analytics-prod-gcp.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:45.415157080 CET | 1.1.1.1 | 192.168.2.8 | 0xceef | No error (0) | v7event.stats.avast.com | analytics.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:45.415157080 CET | 1.1.1.1 | 192.168.2.8 | 0xceef | No error (0) | analytics.ff.avast.com | analytics-prod-gcp.ff.avast.com | CNAME (Canonical name) | IN (0x0001) | false
Mar 13, 2024 21:46:45.415157080 CET | 1.1.1.1 | 192.168.2.8 | 0xceef | No error (0) | analytics-prod-gcp.ff.avast.com | 34.117.223.223 | A (IP address) | IN (0x0001) | false

• v7event.stats.avast.com
• analytics.avcdn.net
• shepherd.ff.avast.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 34.117.223.223 | 80 | 7716 | C:\Users\user\Desktop\Microstub.exe

Timestamp | Bytes transferred | Direction | Data
Mar 13, 2024 21:46:17.042632103 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 246
Host: v7event.stats.avast.com
Mar 13, 2024 21:46:17.042728901 CET | 246 | OUT | Data Ascii: cookie=edition=1event=microstub-startmidex=AFE2171782074DBDEE0EFDB12FA562B89C11DC1FCA1D6C7617C5AE085CA4EDC8stat_session=5eb1118f-4b9c-4afe-923b-812d0072da3astatsSendTime=1710362775os=win,10,0,2,19045,0,AMD64exe_version=2.1.99.0SfxVersi
Mar 13, 2024 21:46:17.200969934 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:17 GMT
Via: 1.1 google
Mar 13, 2024 21:46:18.968105078 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 260
Host: v7event.stats.avast.com
Mar 13, 2024 21:46:18.968180895 CET | 260 | OUT | Data Ascii: cookie=edition=1event=microstub-downloadmidex=AFE2171782074DBDEE0EFDB12FA562B89C11DC1FCA1D6C7617C5AE085CA4EDC8stat_session=5eb1118f-4b9c-4afe-923b-812d0072da3astatsSendTime=1710362777os=win,10,0,2,19045,0,AMD64exe_version=2.1.99.0SfxVe
Mar 13, 2024 21:46:19.128947020 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:19 GMT
Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49712 | 34.117.223.223 | 443 | 7852 | C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:21 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: TvsG+/X/F/qm+2eqF4rm1Q==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 361
Host: v7event.stats.avast.com
2024-03-13 20:46:21 UTC | 361 | OUT | Data Ascii: SfxCreated=1710362775SfxName=avast_free_antivirus_setup_online_x64.exeSfxSize=9894328SfxVersion=24.2.8904.0edition=1event=stubguid=6d776c17-7c1a-493e-ae44-07235040614emidex=afe2171782074dbdee0efdb12fa562b89c11dc1fca1d6c7617c5ae085ca4edc8os=win,10,
2024-03-13 20:46:21 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:21 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49713 | 34.117.223.223 | 443 | 7852 | C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:21 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 581
Host: analytics.avcdn.net
2024-03-13 20:46:21 UTC | 581 | OUT | Data Ascii: {"record":[{"event":{"subtype":1,"time":1710367869333,"type":70},"identity":{"guid":"6d776c17-7c1a-493e-ae44-07235040614e","hwid":"AFE2171782074DBDEE0EFDB12FA562B89C11DC1FCA1D6C7617C5AE085CA4EDC8"},"installation":{"aiid":""},"instup":{"session_id":"5eb111
2024-03-13 20:46:21 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:46:21 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-03-13 20:46:21 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49714 | 34.117.223.223 | 443 | 7852 | C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:22 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: TvsG+/X/F/qm+2eqF4rm1Q==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 361
Host: v7event.stats.avast.com
2024-03-13 20:46:22 UTC | 361 | OUT | Data Ascii: SfxCreated=1710362775SfxName=avast_free_antivirus_setup_online_x64.exeSfxSize=9894328SfxVersion=24.2.8904.0edition=1event=stubguid=6d776c17-7c1a-493e-ae44-07235040614emidex=afe2171782074dbdee0efdb12fa562b89c11dc1fca1d6c7617c5ae085ca4edc8os=win,10,
2024-03-13 20:46:22 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:22 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49716 | 34.117.223.223 | 443 | 7852 | C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:23 UTC | 217 | OUT
POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: TvsG+/X/F/qm+2eqF4rm1Q==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 361
Host: v7event.stats.avast.com
2024-03-13 20:46:23 UTC | 361 | OUT
Data Ascii:
SfxCreated=1710362775
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=9894328
SfxVersion=24.2.8904.0
edition=1
event=stub
guid=6d776c17-7c1a-493e-ae44-07235040614e
midex=afe2171782074dbdee0efdb12fa562b89c11dc1fca1d6c7617c5ae085ca4edc8
os=win,10,
2024-03-13 20:46:23 UTC | 172 | IN
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:23 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 34.160.176.28 | 443 | 8068 | C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:24 UTC | 171 | OUT
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 243
2024-03-13 20:46:24 UTC | 243 | OUT
Data Ascii: data=CAAQ%2F%2F%2F%2F%2Fw8Y%2F%2F%2F%2F%2Fw8g%2F%2F%2F%2F%2Fw8qAGICCgCIAQDKAyQ2ZDc3NmMxNy03YzFhLTQ5M2UtYWU0NC0wNzIzNTA0MDYxNGXyAwQ4MTkxgglAQUZFMjE3MTc4MjA3NERCREVFMEVGREIxMkZBNTYyQjg5QzExREMxRkNBMUQ2Qzc2MTdDNUFFMDg1Q0E0RURDONoTBmlhdnM5eA%3D%3D
2024-03-13 20:46:24 UTC | 1575 | IN
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:46:24 GMT
Content-Type: text/plain
Content-Length: 29422
AB-Tests: 62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:a
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-bc63bbfcbda3ef73c9a0ab66059cb5dc04bc838bf26db3920f9cea2c5e4e78ba
Config-Version: 4916
Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,version 18.6 and higher,production,quic sni block release stage 2,v2017,hns pre-scan enabled countries,noomnianda1,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,versions older than 23.1,opening browser onboarding,old smartscan,usa,ipm_6513_open_ui_b,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-03-13 20:46:24 UTC | 1575 | IN
Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-03-13 20:46:24 UTC | 1575 | IN
Data Ascii:
oDetectNewApps_Enabled=1
GameRule_BlockDistractions_Enabled=1
GameRule_DisableAvNotifications_Enabled=1
GameRule_DisableDrawOverWindow_Enabled=0
GameRule_DisableWindowsNotifications_Enabled=1
GameRule_DisableWinUpdateAutoReboot_Enabled=1
GameRule_En
2024-03-13 20:46:24 UTC | 1575 | IN
Data Ascii:
SCAN_BACKEND_URL_V6=https://outside-scanner-v6.ff.avast.com/v2/inspection
OUTSIDE_SCAN_ESSENTIAL_PROBES={"probes":[{"port":21,"type":"tcp_connect"},{"port":22,"type":"tcp_connect"},{"port":23,"type":"telnet"},{"port":80,"type":"http"},{"port":135,"type":
2024-03-13 20:46:24 UTC | 1575 | IN
Data Ascii: ,p_bhy,p_bid,p_add,bc_ccd,bc_mac,bc_spd,bc_lex,bc_res,bc_asd,bc_slp,bc_slt,bc_sla,bc_avt,bc_tnd,bc_unp,bc_sta,bc_tsd,bc_tre,bc_typ,p_clv,p_ccss,p_bchpam,p_bchsp,p_cuacage,p_cbn,p_cmru,p_ciss,p_cufl,p_crid,p_coin,p_iid,p_idw,p_tva,p_dbts,p_dbtu,p_trllo,p_d


                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                    5192.168.2.84971834.117.223.2234437852C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                    2024-03-13 20:46:24 UTC217OUTPOST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                    Content-Type: iavs4/stats
                                                                                                                                                                                                                                                                    Content-MD5: TvsG+/X/F/qm+2eqF4rm1Q==
                                                                                                                                                                                                                                                                    User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                                                                                                                                    Content-Length: 361
                                                                                                                                                                                                                                                                    Host: v7event.stats.avast.com
Timestamp: 2024-03-13 20:46:24 UTC, Bytes transferred: 361, Direction: OUT, Data Ascii:
SfxCreated=1710362775
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=9894328
SfxVersion=24.2.8904.0
edition=1
event=stub
guid=6d776c17-7c1a-493e-ae44-07235040614e
midex=afe2171782074dbdee0efdb12fa562b89c11dc1fca1d6c7617c5ae085ca4edc8
os=win,10,
Timestamp: 2024-03-13 20:46:24 UTC, Bytes transferred: 172, Direction: IN, Data:
HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                    Date: Wed, 13 Mar 2024 20:46:24 GMT
                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                    Connection: close


Session ID: 6, Source IP: 192.168.2.8, Source Port: 49738, Destination IP: 34.160.176.28, Destination Port: 443, PID: 432, Process: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
Timestamp: 2024-03-13 20:46:41 UTC, Bytes transferred: 171, Direction: OUT, Data:
POST / HTTP/1.1
                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                    Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                    User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                    Content-Length: 195
Timestamp: 2024-03-13 20:46:41 UTC, Bytes transferred: 195, Direction: OUT, Data Ascii:
data=CAAQGBgCINgvKgBiAgoAiAEAygMkNmQ3NzZjMTctN2MxYS00OTNlLWFlNDQtMDcyMzUwNDA2MTRl8gMEODE5MYIJQEFGRTIxNzE3ODIwNzREQkRFRTBFRkRCMTJGQTU2MkI4OUMxMURDMUZDQTFENkM3NjE3QzVBRTA4NUNBNEVEQzjaEwZpYXZzOXg%3D
Timestamp: 2024-03-13 20:46:42 UTC, Bytes transferred: 3279, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                    Date: Wed, 13 Mar 2024 20:46:41 GMT
                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                    Content-Length: 32860
                                                                                                                                                                                                                                                                    AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:a
                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                    Config-Id: 5
                                                                                                                                                                                                                                                                    Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_hide-att-url-params_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorelink_enableddwm_enablehns3_performator_phone-support-tile_avast-forrelease-24.2_version-20.1-plus_fs-and-idp-integration_cef-72.3_v19.1-and-higher-on_opening-browser-onboarding_smartscan-free---antivirus---win10_opm_burger_tracking_limitation_usa_av-24.2-and-higher_multidetection_ipm_6515_6516_vps_sites_test_b_ipm_5258_campaign_toaster_reach_test_a_ipm_6513_open_ui_b_a1-migration-button_test-akamai_test-pam-no-master-password_v18.5-and-higher_installation-telemetry_cleanup-premium-installation_release---iavs9x-only_newuninstallsurvey-96bb3a563f62de84cf0d7240462575b6fff37fb52c7857e4a7a151ef00945db6
                                                                                                                                                                                                                                                                    Config-Version: 4916
                                                                                                                                                                                                                                                                    Segments: websocket testing,email signatures,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,web purchase - autoactivation,webshield tls processes - release,v19.1 and higher free,ipm_4932_opm_pus_fullscale,version 18.6 and higher,production,hide att url params,webshield.quic.block - fraction test setup,quic sni block release stage 2,quic on,versions 22.1 and higher,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,hns pre-scan enabled countries,version 20.9 and higher,pups in avast rollout,winre bts,noomnianda1,smartscanfreetrail,smartscan free - antivirus - win10 - ab test,aosstorelink,enableddwm,enablehns3,performator,phone support tile,avast forrelease 24.2,version 20.1 plus,fs and idp integration,cef 72.3,v19.1 and higher on,opening browser onboarding,smartscan free - antivirus - win10,opm_burger_tracking_limitation,usa,av 24.2 and higher,multidetection,ipm_6515_6516_vps_sites_test_b,ipm_5258_campaign_toaster_reach_test_a,ipm_6513_open_ui_b,a1 migration button,test akamai,test pam no master password,v18.5 and higher,installation telemetry,cleanup premium installation,release - iavs9x only,newuninstallsurvey
                                                                                                                                                                                                                                                                    TTL: 86400
                                                                                                                                                                                                                                                                    TTL-Spread: 43200
                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                    Alt-Svc: clear
                                                                                                                                                                                                                                                                    Connection: close
Timestamp: 2024-03-13 20:46:42 UTC, Bytes transferred: 1252, Direction: IN, Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
Timestamp: 2024-03-13 20:46:42 UTC, Bytes transferred: 1252, Direction: IN, Data Ascii:
com,rtbf.be,formula1.com,weather.com,outlook.live.com,asana.com,prosperitybankusa.com,telefonica.de,ccleaner.com,piriform.com,avast.com,avg.com,facebook.com,booking.com,google.com
ATSkippedInjExt=-
ATSkippedObsExt=-
AvastInfoCartRequestUrls=https://che


Session ID: 7, Source IP: 192.168.2.8, Source Port: 49739, Destination IP: 34.117.223.223, Destination Port: 443, PID: 432, Process: C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
Timestamp: 2024-03-13 20:46:45 UTC, Bytes transferred: 175, Direction: OUT, Data:
POST /v4/receive/json/70 HTTP/1.1
                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                    User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                                                                                                                                    Content-Length: 471
                                                                                                                                                                                                                                                                    Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                    2024-03-13 20:46:45 UTC471OUTData Raw: 7b 22 72 65 63 6f 72 64 22 3a 5b 7b 22 65 76 65 6e 74 22 3a 7b 22 73 75 62 74 79 70 65 22 3a 32 2c 22 74 69 6d 65 22 3a 31 37 31 30 33 36 37 38 39 33 38 36 33 2c 22 74 79 70 65 22 3a 37 30 7d 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 67 75 69 64 22 3a 22 36 64 37 37 36 63 31 37 2d 37 63 31 61 2d 34 39 33 65 2d 61 65 34 34 2d 30 37 32 33 35 30 34 30 36 31 34 65 22 2c 22 68 77 69 64 22 3a 22 41 46 45 32 31 37 31 37 38 32 30 37 34 44 42 44 45 45 30 45 46 44 42 31 32 46 41 35 36 32 42 38 39 43 31 31 44 43 31 46 43 41 31 44 36 43 37 36 31 37 43 35 41 45 30 38 35 43 41 34 45 44 43 38 22 7d 2c 22 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 22 3a 7b 22 61 69 69 64 22 3a 22 22 7d 2c 22 69 6e 73 74 75 70 22 3a 7b 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 35 65 62 31 31 31
                                                                                                                                                                                                                                                                    Data Ascii: {"record":[{"event":{"subtype":2,"time":1710367893863,"type":70},"identity":{"guid":"6d776c17-7c1a-493e-ae44-07235040614e","hwid":"AFE2171782074DBDEE0EFDB12FA562B89C11DC1FCA1D6C7617C5AE085CA4EDC8"},"installation":{"aiid":""},"instup":{"session_id":"5eb111
                                                                                                                                                                                                                                                                    2024-03-13 20:46:45 UTC216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                    Date: Wed, 13 Mar 2024 20:46:45 GMT
                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                    2024-03-13 20:46:45 UTC19INData Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                                                                                                                                    Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49740 | 34.117.223.223 | 443 | 432 | C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:46:45 UTC | 202 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Host: v7event.stats.avast.com
User-Agent: avast! Antivirus
Accept: */*
Content-MD5: cZgAn3eS5yq/fKHt8fnI6w==
Content-Type: iavs4/stats
Content-Length: 297
2024-03-13 20:46:45 UTC | 297 | OUT | Data Ascii:
InstupVersion=24.2.8904.0
edition=1
event=install_intro
guid=6d776c17-7c1a-493e-ae44-07235040614e
midex=afe2171782074dbdee0efdb12fa562b89c11dc1fca1d6c7617c5ae085ca4edc8
operation=2
os=win,10,0,2,19045,0,AMD64
stat_session=5eb1118f-4b9c-4afe-923b-812d0072d
2024-03-13 20:46:45 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 13 Mar 2024 20:46:45 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49743 | 34.117.223.223 | 443 | 432 | C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:47:44 UTC | 188 | OUT | POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
Content-Encoding: gzip
User-Agent: Avast Antivirus
Content-Length: 542
Host: analytics.avcdn.net
2024-03-13 20:47:44 UTC | 542 | OUT
2024-03-13 20:47:44 UTC | 255 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:47:44 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-03-13 20:47:44 UTC | 24 | IN | Data Ascii: Receiver-Ack: processed


Target ID:0
Start time:21:46:15
Start date:13/03/2024
Path:C:\Users\user\Desktop\Microstub.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\Microstub.exe
Imagebase:0xea0000
File size:263'576 bytes
MD5 hash:02BD5DD672A21A001E4B82E2A6031D30
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:2
Start time:21:46:17
Start date:13/03/2024
Path:C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Temp\asw.80de90b54f96a0a4\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4
Imagebase:0x7ff764b60000
File size:9'894'328 bytes
MD5 hash:3EE70E7C9C9C36265A818BA9771BBD4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:false

Target ID:4
Start time:21:46:21
Start date:13/03/2024
Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\Instup.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4
Imagebase:0x7ff72da20000
File size:3'902'920 bytes
MD5 hash:867935B7C2F24E028AE2F3D87409D273
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                                    Start time:21:46:37
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.a9fa3c9ddc728b38 /edition:1 /prod:ais /stub_mapping_guid:567e945f-be2d-4675-97a4-1ba349bc769b:9894328 /guid:6d776c17-7c1a-493e-ae44-07235040614e /ga_clientid:5eb1118f-4b9c-4afe-923b-812d0072da3a /edat_dir:C:\Windows\Temp\asw.80de90b54f96a0a4 /online_installer
                                                                                                                                                                                                                                                                    Imagebase:0x7ff6ae5f0000
                                                                                                                                                                                                                                                                    File size:3'902'920 bytes
                                                                                                                                                                                                                                                                    MD5 hash:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                                    Start time:21:46:44
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated
                                                                                                                                                                                                                                                                    Imagebase:0xb70000
                                                                                                                                                                                                                                                                    File size:2'412'488 bytes
                                                                                                                                                                                                                                                                    MD5 hash:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                                    Start time:21:46:44
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" /check_secure_browser
                                                                                                                                                                                                                                                                    Imagebase:0xb70000
                                                                                                                                                                                                                                                                    File size:2'412'488 bytes
                                                                                                                                                                                                                                                                    MD5 hash:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                                    Start time:21:46:44
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChrome -elevated
                                                                                                                                                                                                                                                                    Imagebase:0xb70000
                                                                                                                                                                                                                                                                    File size:2'412'488 bytes
                                                                                                                                                                                                                                                                    MD5 hash:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                                                                    Start time:21:46:44
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.a9fa3c9ddc728b38\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
                                                                                                                                                                                                                                                                    Imagebase:0xb70000
                                                                                                                                                                                                                                                                    File size:2'412'488 bytes
                                                                                                                                                                                                                                                                    MD5 hash:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                                    Start time:21:46:45
                                                                                                                                                                                                                                                                    Start date:13/03/2024
                                                                                                                                                                                                                                                                    Path:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
                                                                                                                                                                                                                                                                    Imagebase:0xe50000
                                                                                                                                                                                                                                                                    File size:2'412'488 bytes
                                                                                                                                                                                                                                                                    MD5 hash:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:11.9%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                      Signature Coverage:19.2%
                                                                                                                                                                                                                                                                      Total number of Nodes:1399
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:19
eb07de ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 14748->14757 14782 eb7ae9 14748->14782 15220 eb7d76 14749->15220 14755 eb07be 14762 eb083f 14757->14762 15195 eb7d8c 14757->15195 14759 eb0845 14790 ea52f0 InterlockedExchange 14759->14790 14786 eb1219 14762->14786 14766 eb0865 14767 eb086e 14766->14767 15204 eb7d67 14766->15204 15207 eb0ef6 14767->15207 14772 eb0d70 14771->14772 15223 eb153d IsProcessorFeaturePresent 14772->15223 14776 eb0d81 14777 eb0d85 14776->14777 15234 eb84c7 14776->15234 14777->14744 14780 eb0d9c 14780->14744 14783 eb7b00 14782->14783 14784 eb0bbe CatchGuardHandler 5 API calls 14783->14784 14785 eb07b8 14784->14785 14785->14755 15191 eb7a8d 14785->15191 15316 eb1ee0 14786->15316 14789 eb123f 14789->14759 15318 ea33a0 14790->15318 14795 ea54d6 GetCurrentProcess 15348 ea7e70 OpenProcessToken 14795->15348 14796 ea5577 15371 ea8080 GetModuleHandleW GetProcAddress 14796->15371 14800 ea5583 14801 ea55c7 14800->14801 14802 ea5587 InterlockedExchange InterlockedExchange 14800->14802 15385 ea3b30 LoadStringW 14801->15385 14804 ea55b5 14802->14804 14814 ea5523 14802->14814 14808 ea3b70 9 API calls 14804->14808 14807 ea43e0 59 API calls 14811 ea75c8 14807->14811 14808->14814 14815 ea4440 61 API calls 14811->14815 14812 ea563b 15388 eacf50 14812->15388 14813 ea55e9 GetLastError 14813->14812 14817 ea55f6 InterlockedExchange 14813->14817 14814->14807 14818 ea75d4 14815->14818 14819 ea3b30 6 API calls 14817->14819 14820 ea75e9 14818->14820 14821 ea75e2 CloseHandle 14818->14821 14822 ea5612 14819->14822 14823 ea75fa 14820->14823 14824 ea75f3 CloseHandle 14820->14824 14821->14820 15479 ea11b0 FindWindowW 14822->15479 14829 ea760b 14823->14829 14830 ea7604 CloseHandle 14823->14830 14824->14823 14836 ea7fe0 30 API calls 14829->14836 14830->14829 14859 ea7610 ___scrt_fastfail 14836->14859 14841 ea3b30 6 API calls 14844 ea562d 14841->14844 14843 ea770d 14847 ea7717 ReleaseMutex CloseHandle 14843->14847 14848 ea7725 14843->14848 14845 
ea11b0 2 API calls 14844->14845 14849 ea5633 14845->14849 14847->14848 15543 ea4170 14848->15543 14849->14814 14858 ea2d50 26 API calls 14863 ea7754 14858->14863 14859->14843 14883 ea7699 14859->14883 14866 ea2d50 26 API calls 14863->14866 14871 ea775f 14866->14871 14875 ea2d50 26 API calls 14871->14875 14877 ea776a 14875->14877 14882 ea2d50 26 API calls 14877->14882 14886 ea7775 14882->14886 15536 ea4000 14883->15536 14891 ea2d50 26 API calls 14886->14891 14895 ea7780 14891->14895 14892 ea76a0 _wcsrchr 14902 ea4000 26 API calls 14892->14902 14898 ea2d50 26 API calls 14895->14898 14901 ea778b 14898->14901 14905 ea2d50 26 API calls 14901->14905 14903 ea76b2 _wcsrchr 14902->14903 15540 ea4800 14903->15540 14907 ea7796 14905->14907 14912 ea2d50 26 API calls 14907->14912 14913 ea77a1 14912->14913 14918 ea2d50 26 API calls 14913->14918 14922 ea77ac 14918->14922 14927 eb0bbe CatchGuardHandler 5 API calls 14922->14927 14923 ea4800 26 API calls 14929 ea76dd 14923->14929 14932 ea77c6 14927->14932 14934 ea4000 26 API calls 14929->14934 15202 eb124f GetModuleHandleW 14932->15202 14938 ea76e7 CreateHardLinkW 14934->14938 14938->14843 14943 ea76f9 14938->14943 14949 ea4000 26 API calls 14943->14949 14953 ea7706 CopyFileW 14949->14953 14953->14843 15192 eb7abc 15191->15192 15193 eb0bbe CatchGuardHandler 5 API calls 15192->15193 15194 eb7ae5 15193->15194 15194->14757 15196 eb854a FindHandler 15195->15196 15197 eb7db4 __onexit 15195->15197 15198 eb8aa5 FindHandler 38 API calls 15196->15198 15197->14762 15201 eb855b 15198->15201 15199 eb8658 _abort 38 API calls 15200 eb8585 15199->15200 15201->15199 15203 eb0861 15202->15203 15203->14747 15203->14766 16869 eb7b41 15204->16869 15208 eb0f02 15207->15208 15212 eb0876 15208->15212 16947 eb84d9 15208->16947 15211 eb2da4 ___vcrt_uninitialize 8 API calls 15211->15212 15212->14755 15214 eb1114 ___scrt_fastfail 15213->15214 15215 eb11bf IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15214->15215 15216 eb120a 
___scrt_fastfail 15215->15216 15216->14747 15218 eb7b41 _abort 28 API calls 15217->15218 15219 eb7dd5 15218->15219 15219->14749 15221 eb7b41 _abort 28 API calls 15220->15221 15222 eb08dd 15221->15222 15224 eb0d7c 15223->15224 15225 eb2d7b 15224->15225 15226 eb2d80 ___vcrt_initialize_winapi_thunks 15225->15226 15245 eb3e2c 15226->15245 15230 eb2d96 15231 eb2da1 15230->15231 15259 eb3e68 15230->15259 15231->14776 15233 eb2d8e 15233->14776 15300 ebbeea 15234->15300 15237 eb2da4 15238 eb2dbe 15237->15238 15239 eb2dad 15237->15239 15238->14777 15240 eb30bf ___vcrt_uninitialize_ptd 6 API calls 15239->15240 15241 eb2db2 15240->15241 15242 eb3e68 ___vcrt_uninitialize_locks DeleteCriticalSection 15241->15242 15243 eb2db7 15242->15243 15312 eb4129 15243->15312 15246 eb3e35 15245->15246 15248 eb3e5e 15246->15248 15249 eb2d8a 15246->15249 15263 eb40b9 15246->15263 15250 eb3e68 ___vcrt_uninitialize_locks DeleteCriticalSection 15248->15250 15249->15233 15251 eb308c 15249->15251 15250->15249 15281 eb3fca 15251->15281 15255 eb30bc 15255->15230 15258 eb30a1 15258->15230 15260 eb3e92 15259->15260 15261 eb3e73 15259->15261 15260->15233 15262 eb3e7d DeleteCriticalSection 15261->15262 15262->15260 15262->15262 15268 eb3f5b 15263->15268 15265 eb40d3 15266 eb40f1 InitializeCriticalSectionAndSpinCount 15265->15266 15267 eb40dc 15265->15267 15266->15267 15267->15246 15269 eb3f83 15268->15269 15273 eb3f7f __crt_fast_encode_pointer 15268->15273 15269->15273 15274 eb3e97 15269->15274 15272 eb3f9d GetProcAddress 15272->15273 15273->15265 15279 eb3ea6 try_get_first_available_module 15274->15279 15275 eb3f50 15275->15272 15275->15273 15276 eb3ec3 LoadLibraryExW 15277 eb3ede GetLastError 15276->15277 15276->15279 15277->15279 15278 eb3f39 FreeLibrary 15278->15279 15279->15275 15279->15276 15279->15278 15280 eb3f11 LoadLibraryExW 15279->15280 15280->15279 15282 eb3f5b try_get_function 5 API calls 15281->15282 15283 eb3fe4 15282->15283 15284 eb3ffd TlsAlloc 15283->15284 15285 eb3096 15283->15285 
15285->15258 15286 eb407b 15285->15286 15287 eb3f5b try_get_function 5 API calls 15286->15287 15288 eb4095 15287->15288 15289 eb40b0 TlsSetValue 15288->15289 15290 eb30af 15288->15290 15289->15290 15290->15255 15291 eb30bf 15290->15291 15292 eb30c9 15291->15292 15293 eb30cf 15291->15293 15295 eb4005 15292->15295 15293->15258 15296 eb3f5b try_get_function 5 API calls 15295->15296 15297 eb401f 15296->15297 15298 eb4037 TlsFree 15297->15298 15299 eb402b 15297->15299 15298->15299 15299->15293 15301 ebbf03 15300->15301 15304 eb0bbe 15301->15304 15303 eb0d8e 15303->14780 15303->15237 15305 eb0bc9 IsProcessorFeaturePresent 15304->15305 15306 eb0bc7 15304->15306 15308 eb13e7 15305->15308 15306->15303 15311 eb13ab SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15308->15311 15310 eb14ca 15310->15303 15311->15310 15313 eb4158 15312->15313 15314 eb4132 15312->15314 15313->15238 15314->15313 15315 eb4142 FreeLibrary 15314->15315 15315->15314 15317 eb122c GetStartupInfoW 15316->15317 15317->14789 15322 ea33e0 ___scrt_fastfail 15318->15322 15319 ea3653 15320 ea3669 15319->15320 15321 ea389f 15319->15321 15327 ea368b 15319->15327 15325 ea2bb0 45 API calls 15320->15325 15320->15327 15564 ea3c10 15321->15564 15322->15319 15322->15321 15552 ea2bb0 15322->15552 15324 ea38a4 15328 ea3c10 45 API calls 15324->15328 15325->15327 15326 ea37aa 15329 ea38ae 15326->15329 15338 ea382a 15326->15338 15327->15324 15327->15326 15337 ea37db 15327->15337 15331 ea38a9 15328->15331 15335 eb4650 26 API calls 15329->15335 15330 eb0bbe CatchGuardHandler 5 API calls 15333 ea389b 15330->15333 15334 eb4650 26 API calls 15331->15334 15339 ea7fe0 GetVersionExW 15333->15339 15334->15329 15336 ea38b3 15335->15336 15337->15331 15337->15338 15338->15330 15340 ea8049 GetLastError 15339->15340 15341 ea800e 15339->15341 15740 ea7da0 15340->15740 15342 eb0bbe CatchGuardHandler 5 API calls 15341->15342 15345 ea54cb 15342->15345 15345->14795 15345->14796 15346 eb203a 
__CxxThrowException@8 RaiseException 15347 ea8071 15346->15347 15349 ea7eba GetTokenInformation 15348->15349 15350 ea7f73 GetLastError 15348->15350 15745 eb0ce3 15349->15745 15352 ea7da0 27 API calls 15350->15352 15354 ea7f87 15352->15354 15357 eb203a __CxxThrowException@8 RaiseException 15354->15357 15356 ea7f95 GetLastError 15358 ea7da0 27 API calls 15356->15358 15357->15356 15361 ea7fa9 15358->15361 15360 ea7fb7 GetLastError 15362 ea7da0 27 API calls 15360->15362 15364 eb203a __CxxThrowException@8 RaiseException 15361->15364 15365 ea7fcb 15362->15365 15364->15360 15367 eb203a __CxxThrowException@8 RaiseException 15365->15367 15369 ea7fd9 15367->15369 15372 ea80ae 15371->15372 15373 ea80bf GetCurrentProcess 15371->15373 15374 eb0bbe CatchGuardHandler 5 API calls 15372->15374 15376 ea80e0 15373->15376 15375 ea80bb 15374->15375 15375->14800 15377 ea8101 GetLastError 15376->15377 15378 ea80e6 15376->15378 15380 ea7da0 27 API calls 15377->15380 15379 eb0bbe CatchGuardHandler 5 API calls 15378->15379 15381 ea80fd 15379->15381 15382 ea8115 15380->15382 15381->14800 15383 eb203a __CxxThrowException@8 RaiseException 15382->15383 15384 ea8123 15383->15384 15386 eb0bbe CatchGuardHandler 5 API calls 15385->15386 15387 ea3b68 CreateMutexW 15386->15387 15387->14812 15387->14813 15746 eab0e0 15388->15746 15480 ea11c2 SetForegroundWindow 15479->15480 15481 ea11cd 15479->15481 15480->15481 15481->14814 15481->14841 15537 ea4013 15536->15537 15538 ea4009 15536->15538 15537->14892 16803 eb4f49 15538->16803 15541 eb5090 26 API calls 15540->15541 15542 ea4813 15541->15542 15542->14923 15544 ea4188 15543->15544 15545 ea41a6 15543->15545 15544->15545 15546 ea4199 Sleep 15544->15546 15545->14858 15546->15544 15546->15545 15553 ea2d47 15552->15553 15557 ea2be0 15552->15557 15579 ea3c00 15553->15579 15556 ea2c1a 15569 eb0bcf 15556->15569 15557->15556 15558 ea2c4e 15557->15558 15560 eb0bcf 22 API calls 15558->15560 15562 ea2c38 15558->15562 15560->15562 15561 eb4650 26 API calls 
15561->15553 15562->15561 15563 ea2d15 15562->15563 15563->15322 15730 eb05bd 15564->15730 15571 eb0bd4 15569->15571 15572 eb0bee 15571->15572 15575 eb0bf0 15571->15575 15586 eb7f33 15571->15586 15591 eb5196 15571->15591 15572->15562 15574 eb151f 15576 eb203a __CxxThrowException@8 RaiseException 15574->15576 15575->15574 15600 eb203a 15575->15600 15577 eb153c 15576->15577 15701 eb059d 15579->15701 15603 eb7f77 15586->15603 15588 eb7f49 15589 eb0bbe CatchGuardHandler 5 API calls 15588->15589 15590 eb7f73 15589->15590 15590->15571 15592 eb8e23 15591->15592 15593 eb8e61 15592->15593 15594 eb8e4c HeapAlloc 15592->15594 15598 eb8e35 _abort 15592->15598 15614 eb517e 15593->15614 15596 eb8e5f 15594->15596 15594->15598 15597 eb8e66 15596->15597 15597->15571 15598->15593 15598->15594 15599 eb7f33 _abort 7 API calls 15598->15599 15599->15598 15601 eb205a RaiseException 15600->15601 15601->15574 15604 eb7f83 BuildCatchObjectHelperInternal 15603->15604 15609 ebb0d1 EnterCriticalSection 15604->15609 15606 eb7f8e 15610 eb7fc0 15606->15610 15608 eb7fb5 _abort 15608->15588 15609->15606 15613 ebb121 LeaveCriticalSection 15610->15613 15612 eb7fc7 15612->15608 15613->15612 15617 eb8b29 GetLastError 15614->15617 15618 eb8b48 15617->15618 15619 eb8b42 15617->15619 15623 eb8b9f SetLastError 15618->15623 15643 eba272 15618->15643 15636 ebb2fb 15619->15636 15625 eb5183 15623->15625 15625->15597 15628 eb8b68 15631 eb8b96 SetLastError 15628->15631 15629 eb8b62 15650 eb8de9 15629->15650 15630 eb8b7e 15663 eb890c 15630->15663 15631->15625 15634 eb8de9 _free 17 API calls 15635 eb8b8f 15634->15635 15635->15623 15635->15631 15668 ebb138 15636->15668 15638 ebb322 15639 ebb33a TlsGetValue 15638->15639 15640 ebb32e 15638->15640 15639->15640 15641 eb0bbe CatchGuardHandler 5 API calls 15640->15641 15642 ebb34b 15641->15642 15642->15618 15649 eba27f _abort 15643->15649 15644 eba2bf 15646 eb517e _free 19 API calls 15644->15646 15645 eba2aa HeapAlloc 15647 eb8b5a 15645->15647 15645->15649 15646->15647 
15647->15629 15656 ebb351 15647->15656 15648 eb7f33 _abort 7 API calls 15648->15649 15649->15644 15649->15645 15649->15648 15651 eb8e1d _free 15650->15651 15652 eb8df4 HeapFree 15650->15652 15651->15628 15652->15651 15653 eb8e09 15652->15653 15654 eb517e _free 18 API calls 15653->15654 15655 eb8e0f GetLastError 15654->15655 15655->15651 15657 ebb138 _abort 5 API calls 15656->15657 15658 ebb378 15657->15658 15659 ebb393 TlsSetValue 15658->15659 15660 ebb387 15658->15660 15659->15660 15661 eb0bbe CatchGuardHandler 5 API calls 15660->15661 15662 eb8b77 15661->15662 15662->15629 15662->15630 15681 eb88e4 15663->15681 15672 ebb164 15668->15672 15673 ebb168 __crt_fast_encode_pointer 15668->15673 15669 ebb188 15671 ebb194 GetProcAddress 15669->15671 15669->15673 15671->15673 15672->15669 15672->15673 15674 ebb1d4 15672->15674 15673->15638 15675 ebb1f5 LoadLibraryExW 15674->15675 15677 ebb1ea 15674->15677 15676 ebb212 GetLastError 15675->15676 15678 ebb22a 15675->15678 15676->15678 15679 ebb21d LoadLibraryExW 15676->15679 15677->15672 15678->15677 15680 ebb241 FreeLibrary 15678->15680 15679->15678 15680->15677 15687 eb8824 15681->15687 15683 eb8908 15684 eb8894 15683->15684 15693 eb8728 15684->15693 15686 eb88b8 15686->15634 15688 eb8830 BuildCatchObjectHelperInternal 15687->15688 15689 ebb0d1 _abort EnterCriticalSection 15688->15689 15690 eb883a 15689->15690 15691 eb8860 _abort LeaveCriticalSection 15690->15691 15692 eb8858 _abort 15691->15692 15692->15683 15694 eb8734 BuildCatchObjectHelperInternal 15693->15694 15695 ebb0d1 _abort EnterCriticalSection 15694->15695 15696 eb873e 15695->15696 15697 eb8a5a _abort 20 API calls 15696->15697 15698 eb8756 15697->15698 15699 eb876c _abort LeaveCriticalSection 15698->15699 15700 eb8764 _abort 15699->15700 15700->15686 15706 eb04eb 15701->15706 15704 eb203a __CxxThrowException@8 RaiseException 15705 eb05bc 15704->15705 15709 eb0493 15706->15709 15712 eb2a76 15709->15712 15711 eb04bf 15711->15704 15713 eb2ab0 15712->15713 15714 
eb2a83 15712->15714 15713->15711 15714->15713 15715 eb5196 ___std_exception_copy 21 API calls 15714->15715 15716 eb2aa0 15715->15716 15716->15713 15718 eb85fe 15716->15718 15719 eb860b 15718->15719 15720 eb8619 15718->15720 15719->15720 15723 eb8630 15719->15723 15721 eb517e _free 20 API calls 15720->15721 15726 eb8621 15721->15726 15724 eb862b 15723->15724 15725 eb517e _free 20 API calls 15723->15725 15724->15713 15725->15726 15727 eb4640 15726->15727 15728 eb45c5 __mbsinc 26 API calls 15727->15728 15729 eb464c 15728->15729 15729->15724 15737 eb054b 15730->15737 15733 eb203a __CxxThrowException@8 RaiseException 15734 eb05dc 15733->15734 15735 ea7ae6 ___delayLoadHelper2@8 17 API calls 15734->15735 15736 eb05f4 15735->15736 15738 eb0493 std::exception::exception 27 API calls 15737->15738 15739 eb055d 15738->15739 15739->15733 15741 eb2a76 ___std_exception_copy 27 API calls 15740->15741 15742 ea7ddd 15741->15742 15743 eb0bbe CatchGuardHandler 5 API calls 15742->15743 15744 ea7df9 15743->15744 15744->15346 15831 eab780 15746->15831 15749 eab12c 15755 eab780 39 API calls 15749->15755 15750 eab741 16056 ea9da0 15750->16056 15752 eab74b 15753 ea9da0 RaiseException 15752->15753 15754 eab755 15753->15754 15756 ea9da0 RaiseException 15754->15756 15757 eab152 15755->15757 15758 eab75f 15756->15758 15757->15752 15759 eab15c 15757->15759 15760 ea9da0 RaiseException 15758->15760 15765 eab780 39 API calls 15759->15765 15761 eab769 15760->15761 15762 ea9da0 RaiseException 15761->15762 15763 eab773 15762->15763 15764 eb4650 26 API calls 15763->15764 15766 eab778 15764->15766 15768 eab182 15765->15768 15767 eb4650 26 API calls 15766->15767 15769 eab77d 15767->15769 15768->15754 15770 eab18c 15768->15770 15771 eab780 39 API calls 15770->15771 15772 eab1b2 15771->15772 15772->15758 15773 eab1bc 15772->15773 15846 ea9530 15773->15846 15775 eab1f2 15776 eab780 39 API calls 15775->15776 15777 eab20a 15776->15777 15777->15761 15778 eab214 15777->15778 15917 ea8dc0 15778->15917 15780 
eab24f 15935 ea9450 CryptCreateHash 15780->15935 15783 ea8dc0 35 API calls 15784 eab287 15783->15784 15785 ea9450 31 API calls 15784->15785 15786 eab2a5 15785->15786 15946 eac500 15786->15946 15832 eab7b1 15831->15832 15843 eab79d 15831->15843 16060 eb0aca EnterCriticalSection 15832->16060 15834 eab7bb 15836 eab7c7 GetProcessHeap 15834->15836 15834->15843 15835 eb0aca 5 API calls 15837 eab81b 15835->15837 16065 eb0f59 15836->16065 15840 eb0f59 29 API calls 15837->15840 15845 eab122 15837->15845 15842 eab874 15840->15842 15844 eb0a80 4 API calls 15842->15844 15843->15835 15843->15845 15844->15845 15845->15749 15845->15750 15847 eab780 39 API calls 15846->15847 15848 ea9566 15847->15848 15849 ea981a 15848->15849 15850 ea9571 15848->15850 15851 ea9da0 RaiseException 15849->15851 15856 eab780 39 API calls 15850->15856 15852 ea9824 15851->15852 15853 ea9da0 RaiseException 15852->15853 15854 ea982e 15853->15854 15855 ea9da0 RaiseException 15854->15855 15857 ea9838 15855->15857 15858 ea9595 15856->15858 15859 ea9da0 RaiseException 15857->15859 15858->15852 15860 ea95a0 15858->15860 15861 ea9842 15859->15861 15866 eab780 39 API calls 15860->15866 15862 ea9da0 RaiseException 15861->15862 15863 ea984c 15862->15863 15864 ea9da0 RaiseException 15863->15864 15865 ea9856 15864->15865 15867 ea9da0 RaiseException 15865->15867 15868 ea95c4 15866->15868 15869 ea9860 15867->15869 15868->15854 15870 ea95cf 15868->15870 15871 ea9da0 RaiseException 15869->15871 15876 eab780 39 API calls 15870->15876 15872 ea986a 15871->15872 15873 ea9da0 RaiseException 15872->15873 15874 ea9874 15873->15874 15875 ea9da0 RaiseException 15874->15875 15877 ea987e 15875->15877 15878 ea95f3 15876->15878 15879 ea9da0 RaiseException 15877->15879 15878->15857 15880 ea95fe 15878->15880 15881 ea9888 15879->15881 15885 eab780 39 API calls 15880->15885 15882 ea9da0 RaiseException 15881->15882 15883 ea9892 15882->15883 15884 ea9da0 RaiseException 15883->15884 15915 ea97c9 15884->15915 15887 ea9622 15885->15887 15886 
ea9da0 RaiseException 15888 ea98a6 15886->15888 15887->15861 15889 ea962d 15887->15889 15888->15775 15890 eab780 39 API calls 15889->15890 15891 ea9651 15890->15891 15891->15863 15892 ea965c 15891->15892 15893 eab780 39 API calls 15892->15893 15894 ea9680 15893->15894 15894->15865 15895 ea968b 15894->15895 15896 eab780 39 API calls 15895->15896 15897 ea96af 15896->15897 15897->15869 15898 ea96ba 15897->15898 15899 eab780 39 API calls 15898->15899 15900 ea96de 15899->15900 15900->15872 15901 ea96e9 15900->15901 15902 eab780 39 API calls 15901->15902 15903 ea970d 15902->15903 15903->15874 15904 ea9718 15903->15904 15905 eab780 39 API calls 15904->15905 15906 ea973c 15905->15906 15906->15877 15907 ea9747 15906->15907 15908 eab780 39 API calls 15907->15908 15909 ea976b 15908->15909 15909->15881 15910 ea9776 15909->15910 15911 eab780 39 API calls 15910->15911 15912 ea979a 15911->15912 15912->15883 15913 ea97a5 15912->15913 15914 eab780 39 API calls 15913->15914 15914->15915 15915->15886 15916 ea97d4 15915->15916 15916->15775 15918 ea8e3e ___scrt_fastfail 15917->15918 15919 ea7fe0 30 API calls 15918->15919 15920 ea8e46 15919->15920 15921 ea8e5c CryptAcquireContextA 15920->15921 15922 ea8e4d lstrcatA 15920->15922 15923 ea8ea7 GetLastError 15921->15923 15924 ea8e77 15921->15924 15922->15921 15927 ea7da0 27 API calls 15923->15927 15925 ea8e8b 15924->15925 15926 ea8e82 CryptReleaseContext 15924->15926 15928 eb0bbe CatchGuardHandler 5 API calls 15925->15928 15926->15925 15929 ea8ebe 15927->15929 15930 ea8ea3 15928->15930 15931 eb203a __CxxThrowException@8 RaiseException 15929->15931 15930->15780 15932 ea8ecf 15931->15932 15933 ea8edf 15932->15933 15934 ea8ed6 CryptReleaseContext 15932->15934 15933->15780 15934->15933 15936 ea947a 15935->15936 15937 ea949f GetLastError 15935->15937 15938 ea9488 CryptDestroyHash 15936->15938 15939 ea948f 15936->15939 15940 ea7da0 27 API calls 15937->15940 15938->15939 15941 eb0bbe CatchGuardHandler 5 API calls 15939->15941 15942 ea94b3 
15940->15942 15943 ea9499 15941->15943 15944 eb203a __CxxThrowException@8 RaiseException 15942->15944 15943->15783 15945 ea94c1 15944->15945 15947 eab780 39 API calls 15946->15947 15948 eac53d 15947->15948 15949 eac88c 15948->15949 15950 eac547 15948->15950 15951 ea9da0 RaiseException 15949->15951 15956 eab780 39 API calls 15950->15956 15952 eac896 15951->15952 15953 ea9da0 RaiseException 15952->15953 15954 eac8a0 15953->15954 15955 ea9da0 RaiseException 15954->15955 15957 eac8aa 15955->15957 15958 eac56a 15956->15958 15960 ea9da0 RaiseException 15957->15960 15958->15952 15959 eac574 15958->15959 15962 eab780 39 API calls 15959->15962 15961 eac8b4 15960->15961 15963 eac594 15962->15963 15963->15954 15965 eac59e 15963->15965 15964 eac5f7 GetSystemDirectoryW 15966 eac607 GetLastError 15964->15966 15969 eac614 15964->15969 15965->15964 16112 eac920 15965->16112 15966->15969 15969->15957 15970 eac677 GetVolumePathNameW 15969->15970 15971 eac920 RaiseException 15969->15971 15974 eac7fd 15969->15974 15972 eac688 GetLastError 15970->15972 15978 eac693 15970->15978 15973 eac671 15971->15973 15972->15978 15973->15970 15975 eb0bbe CatchGuardHandler 5 API calls 15974->15975 15976 eab3f1 15975->15976 15992 eaa100 15976->15992 15977 eac6e5 GetVolumeNameForVolumeMountPointW 15980 eac701 15977->15980 15981 eac6f6 GetLastError 15977->15981 15978->15957 15978->15974 15978->15977 15979 eac920 RaiseException 15978->15979 15982 eac6e2 15979->15982 15980->15957 15980->15974 15983 eac79e CreateFileW 15980->15983 15989 eac789 15980->15989 15990 eac920 RaiseException 15980->15990 15981->15980 15982->15977 15984 eac7b8 GetLastError 15983->15984 15985 eac7c3 DeviceIoControl 15983->15985 15984->15974 15986 eac7ee 15985->15986 15987 eac7e3 GetLastError 15985->15987 15988 eac7f6 CloseHandle 15986->15988 15987->15988 15988->15974 15989->15957 15991 eac795 15989->15991 15990->15989 15991->15983 15993 eab780 39 API calls 15992->15993 15994 eaa144 15993->15994 15995 eaa4b7 15994->15995 15998 
eaa14e GetVersion 15994->15998 15996 ea9da0 RaiseException 15995->15996 15997 eaa4c1 15996->15997 15999 ea9da0 RaiseException 15997->15999 16131 ea9ff0 15998->16131 16000 eaa4cb 15999->16000 16002 ea9da0 RaiseException 16000->16002 16004 eaa4d5 16002->16004 16008 eacc40 RaiseException 16004->16008 16005 eaa19a CreateFileW 16006 eaa1b9 GetLastError 16005->16006 16007 eaa1c7 16005->16007 16014 eaa46e 16006->16014 16009 eb5196 ___std_exception_copy 21 API calls 16007->16009 16010 eaa4da 16008->16010 16011 eaa1d1 ___scrt_fastfail 16009->16011 16012 eaa1dd 16011->16012 16015 eaa1f6 DeviceIoControl 16011->16015 16013 eaa465 CloseHandle 16012->16013 16013->16014 16016 eb0bbe CatchGuardHandler 5 API calls 16014->16016 16017 eaa22b GetLastError 16015->16017 16020 eaa239 16015->16020 16018 eaa4b3 16016->16018 16017->16013 16047 eaa4e0 16018->16047 16019 eaa41b 16021 eaa438 16019->16021 16022 eaa422 16019->16022 16020->16012 16020->16019 16023 eaa265 16020->16023 16030 eacb70 27 API calls 16021->16030 16024 eacb70 27 API calls 16022->16024 16025 eab780 39 API calls 16023->16025 16027 eaa42e 16024->16027 16026 eaa26e 16025->16026 16026->15997 16033 eaa279 16026->16033 16029 eacc50 43 API calls 16027->16029 16029->16012 16031 eaa454 16030->16031 16032 eacc50 43 API calls 16031->16032 16032->16012 16033->16000 16034 eaa2bb 16033->16034 16144 eac8c0 16033->16144 16148 eacdd0 16034->16148 16037 eaa2cc 16037->16000 16038 eaa2fa 16037->16038 16039 eaa3d7 16038->16039 16042 eaa334 16038->16042 16043 eaa35a 16038->16043 16178 eacb70 16039->16178 16042->16004 16042->16043 16044 eaa385 16042->16044 16045 eaa39e 16043->16045 16158 eacfb0 16044->16158 16045->16043 16200 eacc50 16045->16200 16048 eab780 39 API calls 16047->16048 16049 eaa523 16048->16049 16050 ea9da0 RaiseException 16049->16050 16051 eaa8e1 16050->16051 16052 ea9da0 RaiseException 16051->16052 16053 eaa8eb 16052->16053 16054 eacc40 RaiseException 16053->16054 16055 eaa8f0 16054->16055 16057 ea9daf 16056->16057 16058 eb203a 
__CxxThrowException@8 RaiseException 16057->16058 16059 ea9dbd 16058->16059 16059->15752 16061 eb0ade 16060->16061 16062 eb0ae3 LeaveCriticalSection 16061->16062 16072 eb0b5e 16061->16072 16062->15834 16075 eb0f1e 16065->16075 16068 eb0a80 EnterCriticalSection LeaveCriticalSection 16069 eb0b1c 16068->16069 16070 eb0b4a SetEvent ResetEvent 16069->16070 16071 eb0b25 16069->16071 16070->15843 16071->15843 16073 eb0b97 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 16072->16073 16074 eb0b6b 16072->16074 16073->16074 16074->16061 16076 eb0f3b 16075->16076 16077 eb0f42 16075->16077 16081 eb831c 16076->16081 16084 eb838c 16077->16084 16080 eab802 16080->16068 16082 eb838c __onexit 29 API calls 16081->16082 16083 eb832e 16082->16083 16083->16080 16087 eb8093 16084->16087 16090 eb7fc9 16087->16090 16089 eb80b7 16089->16080 16091 eb7fd5 BuildCatchObjectHelperInternal 16090->16091 16098 ebb0d1 EnterCriticalSection 16091->16098 16093 eb7fe3 16099 eb81db 16093->16099 16095 eb7ff0 16109 eb800e 16095->16109 16097 eb8001 _abort 16097->16089 16098->16093 16100 eb81f9 16099->16100 16107 eb81f1 __onexit __crt_fast_encode_pointer 16099->16107 16101 eb8252 16100->16101 16102 eb8586 __onexit 29 API calls 16100->16102 16100->16107 16103 eb8586 __onexit 29 API calls 16101->16103 16101->16107 16104 eb8248 16102->16104 16105 eb8268 16103->16105 16106 eb8de9 _free 20 API calls 16104->16106 16108 eb8de9 _free 20 API calls 16105->16108 16106->16101 16107->16095 16108->16107 16110 ebb121 _abort LeaveCriticalSection 16109->16110 16111 eb8018 16110->16111 16111->16097 16113 eac939 16112->16113 16117 eac947 16112->16117 16119 ea9f40 16113->16119 16114 eac5f4 16114->15964 16117->16114 16123 eac9d0 16117->16123 16120 ea9f69 16119->16120 16128 eacc40 16120->16128 16124 eac9e3 16123->16124 16125 eacc40 RaiseException 16124->16125 16126 eaca06 16124->16126 16127 eaca15 16125->16127 16126->16114 16127->16114 16129 ea9da0 RaiseException 16128->16129 16130 eacc4a 16129->16130 16132 eaa005 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 00EA548F
  • Part of subcall function 00EA7FE0: GetVersionExW.KERNEL32(?), ref: 00EA8004
• GetCurrentProcess.KERNEL32 ref: 00EA54D6
  • Part of subcall function 00EA7E70: OpenProcessToken.ADVAPI32(T,00000008,?,4942A14B,?,00000000), ref: 00EA7EAC
  • Part of subcall function 00EA7E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00EC20C0), ref: 00EA7ED9
  • Part of subcall function 00EA7E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00EA7F15
  • Part of subcall function 00EA7E70: IsValidSid.ADVAPI32 ref: 00EA7F22
  • Part of subcall function 00EA7E70: GetSidSubAuthorityCount.ADVAPI32 ref: 00EA7F31
  • Part of subcall function 00EA7E70: GetSidSubAuthority.ADVAPI32(?,?), ref: 00EA7F3D
  • Part of subcall function 00EA7E70: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00EA7F4F
• InterlockedExchange.KERNEL32(?,0000052F), ref: 00EA54FC
• InterlockedExchange.KERNEL32(?,00000000), ref: 00EA550A
• InterlockedExchange.KERNEL32(?,000000C1), ref: 00EA5593
• InterlockedExchange.KERNEL32(?,00000000), ref: 00EA55A2
• CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 00EA55D9
• GetLastError.KERNEL32 ref: 00EA55E9
• InterlockedExchange.KERNEL32(?,00000420), ref: 00EA5602
• CloseHandle.KERNEL32(?), ref: 00EA75E3
• CloseHandle.KERNEL32(?), ref: 00EA75F4
• CloseHandle.KERNEL32(?), ref: 00EA7605
• _wcsrchr.LIBVCRUNTIME ref: 00EA76A1
• _wcsrchr.LIBVCRUNTIME ref: 00EA76B3
• CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 00EA76EF
• CopyFileW.KERNEL32(00000000,?,00000000), ref: 00EA7707
• ReleaseMutex.KERNEL32(?), ref: 00EA7718
• CloseHandle.KERNEL32(?), ref: 00EA771F
• ___delayLoadHelper2@8.DELAYIMP ref: 00EA7817
  • Part of subcall function 00EA3B70: #17.COMCTL32 ref: 00EA3B84
  • Part of subcall function 00EA3B70: LoadStringW.USER32(00EA0000,000003E9,?,00000000), ref: 00EA3BA1
  • Part of subcall function 00EA3B70: LoadStringW.USER32(00EA0000,?,?,00000000), ref: 00EA3BBA
  • Part of subcall function 00EA3B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00EA3BCF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExchangeInterlocked$Close$Handle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$ChangeCopyCountCurrentErrorFileFindHardHelper2@8LastLinkMessageNotificationOpenReleaseValidVersion___delay
                                                                                                                                                                                                                                                                      • String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$X>$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
                                                                                                                                                                                                                                                                      • API String ID: 1293912049-2556300957
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001), ref: 00EA2233
                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(008FEC04,00000000), ref: 00EA2244
                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00EA2250
                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EA226E
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 00EA22B5
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00EA22BC
                                                                                                                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 00EA22D8
                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,00000019,?), ref: 00EA230B
                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00EA2317
                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000010,?,?), ref: 00EA2401
                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00EA242E
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: CreateSolidBrush.GDI32(00824049), ref: 00EA2021
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: CreateSolidBrush.GDI32(00F67000), ref: 00EA2064
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: BeginPaint.USER32(?,?), ref: 00EA2074
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: FillRect.USER32(?,?), ref: 00EA20E3
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: FillRect.USER32(?,?), ref: 00EA210D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA1FC0: EndPaint.USER32(?,?), ref: 00EA2118
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ProcWindow$Rect$BrushCreateFillPaintSolidTimer$AddressBeginExchangeHandleInterlockedKillModuleVersion
                                                                                                                                                                                                                                                                      • String ID: DwmSetWindowAttribute$ShutdownBlockReasonCreate$dwmapi.dll$user32.dll
                                                                                                                                                                                                                                                                      • API String ID: 190927372-2496381605
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetVersion.KERNEL32(4942A14B,00000000,00000000), ref: 00EABBCD
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 00EABC00
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00EABC07
                                                                                                                                                                                                                                                                      • GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EABC26
                                                                                                                                                                                                                                                                      • GetSystemFirmwareTable.KERNELBASE ref: 00EABCB9
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 00EABD1B
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00EABD22
                                                                                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 00EABD88
                                                                                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00EABE31
                                                                                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 00EABE5A
                                                                                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00EABECA
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EABF30
                                                                                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00EAC466
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
                                                                                                                                                                                                                                                                      • String ID: ,$@$GetSystemFirmwareTable$LK$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 26960555-3951199179
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

APIs
• FindResourceW.KERNEL32(00000000,?,PNG,?,?,?), ref: 00EA1956
• SizeofResource.KERNEL32(00000000,00000000,?,?,?), ref: 00EA1964
• LoadResource.KERNEL32(00000000,00000000,?,?,?), ref: 00EA196F
• LockResource.KERNEL32(00000000,?,?,?), ref: 00EA197A
• GlobalAlloc.KERNELBASE(00000002,?,?,?,?), ref: 00EA198B
• GlobalLock.KERNEL32(00000000,?,?,?), ref: 00EA1998
• GlobalUnlock.KERNEL32(00000000,?,?,?), ref: 00EA19B0
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?), ref: 00EA19BD
• GlobalFree.KERNEL32(00000000), ref: 00EA19CB
• CoInitializeEx.OLE32(00000000,00000000,?,?,?), ref: 00EA19E6
• CoCreateInstance.OLE32(00EC3EF4,00000000,00000001,00EC366C,?,?,?,?), ref: 00EA1A06
• GetDC.USER32(00000000), ref: 00EA1B3B
• CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 00EA1B52
• ReleaseDC.USER32(00000000,00000000), ref: 00EA1B5E
• DeleteObject.GDI32(00000000), ref: 00EA1B98
Strings
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: Global$Resource$Create$Lock$AllocDeleteFindFreeInitializeInstanceLoadObjectReleaseSectionSizeofStreamUnlock
• String ID: ($PNG
• API String ID: 3552602207-4064097209
• Opcode ID: 7d99b912ae4999ad4981fd146580a9aed609cbd10746077aa94ef563bd0a8de3
• Instruction ID: 994f6cec40d2e93e0d66309840036de1f8a7bfa9b8f2043f6574f4460bae704d
• Opcode Fuzzy Hash: 7d99b912ae4999ad4981fd146580a9aed609cbd10746077aa94ef563bd0a8de3
• Instruction Fuzzy Hash: 13916071A01219AFDB04DFA5DC88FAEBBB8FF49704F144169E505BB250DB71AE06CB90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00EA41D4
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EA41ED
• GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 00EA4217
• GetNativeSystemInfo.KERNELBASE(?), ref: 00EA422E
• wsprintfA.USER32 ref: 00EA42DC
• wsprintfA.USER32 ref: 00EA42FF
• lstrcatA.KERNEL32(?,?), ref: 00EA4316
• lstrlenA.KERNEL32(?), ref: 00EA436E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@lstrcatlstrlen
• String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv$x:$8$:
• API String ID: 2179732243-2433335992
• Opcode ID: b3bb12234c93ce5984fe11302f3724080d0323956d3e88b97686b8e7d054b01c
• Instruction ID: dc559e4f6bee0a2b5dd84010fde6b637cb07b41fdf58afcd930aa7b5e6d5c7b1
• Opcode Fuzzy Hash: b3bb12234c93ce5984fe11302f3724080d0323956d3e88b97686b8e7d054b01c
• Instruction Fuzzy Hash: 5A517FB1A002189FCF60CF64CD45F9EBBB8EF48305F0081E9E609B6151DB729A99DF54
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 00EA38E7
• GetLastError.KERNEL32 ref: 00EA38F3
• MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 00EA390A
• GetLastError.KERNEL32 ref: 00EA3916
• CloseHandle.KERNEL32(00000000), ref: 00EA398F
• SetLastError.KERNEL32(00000000), ref: 00EA3997
Strings
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: ErrorLast$File$CloseCreateHandleMappingView
• String ID: %d.%d.%d.%d
• API String ID: 1867540158-3491811756
• Opcode ID: 677c6e2ea1c7b7496f65508162f538e4a80ad3fc6f99e35e178700937dcfa331
• Instruction ID: b2b620b3d5959d468c77980cbb755bc192f6ba728d346f9fef6d98bc29ed3dc3
• Opcode Fuzzy Hash: 677c6e2ea1c7b7496f65508162f538e4a80ad3fc6f99e35e178700937dcfa331
• Instruction Fuzzy Hash: CF21A572600214BFD7205B768C49FBBBB7CEF49751F148069FD06F6280DAB69A06C760
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetVersion.KERNEL32 ref: 00EAA180
                                                                                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00EAA1A9
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EAA1B9
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EAA468
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                                                                                                                      • String ID: DV$SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                                                                                                                      • API String ID: 1515857667-2098683879
                                                                                                                                                                                                                                                                      • Opcode ID: 404fc8aeefe52d15ef8b5495ae96b521037ff9149f4703ba65b4bf20cdf9e700
                                                                                                                                                                                                                                                                      • Instruction ID: 904c6ffb9367200772095fe6dde6dab1b74069097622779ea7343985a43ccc14
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 404fc8aeefe52d15ef8b5495ae96b521037ff9149f4703ba65b4bf20cdf9e700
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BC1AD71A002189FDF04DFA4C885AADBBB5FF4E314F18816AE815BF251DB71AD05CBA1
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7FE0: GetVersionExW.KERNEL32(?), ref: 00EA8004
                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?, (Prototype),?,4942A14B,?), ref: 00EA8E56
                                                                                                                                                                                                                                                                      • CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,4942A14B,?), ref: 00EA8E6D
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000,?,4942A14B,?), ref: 00EA8E85
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,4942A14B,?), ref: 00EA8EAC
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00EA7DD8
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA8ECA
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB203A: RaiseException.KERNEL32(?,?,00EA8071,?,?,?,?,?,?,?,?,00EA8071,?,00ECB144,00000000), ref: 00EB209A
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00ECB144,00000000,?,4942A14B,?), ref: 00EA8ED9
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ContextCrypt$Release$AcquireErrorExceptionException@8LastRaiseThrowVersion___std_exception_copylstrcat
                                                                                                                                                                                                                                                                      • String ID: (Prototype)$Unable to acquire cryptographic provider!$vider
                                                                                                                                                                                                                                                                      • API String ID: 2041426586-155044149
                                                                                                                                                                                                                                                                      • Opcode ID: b127434d0f199ea0cf4297c15488d96ab8402d98ecab8e04998cdb2ffab3dea8
                                                                                                                                                                                                                                                                      • Instruction ID: dac3aee6166b1866ce813ab4919a09486d86f8c7c91f734f480fa4116d643579
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b127434d0f199ea0cf4297c15488d96ab8402d98ecab8e04998cdb2ffab3dea8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB319E71E002199FDB20DFA5DD55FAEB3B8FB08700F10922AF905B7291EB71A649CB50
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00EA8378,0000800C,4942A14B,?), ref: 00EA9470
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(?,00000000), ref: 00EA9489
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to create hash context!), ref: 00EA94A4
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA94BC
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to create hash context!, xrefs: 00EA949F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CryptHash$CreateDestroyErrorException@8LastThrow
                                                                                                                                                                                                                                                                      • String ID: Unable to create hash context!
                                                                                                                                                                                                                                                                      • API String ID: 1323042765-1944974401
                                                                                                                                                                                                                                                                      • Opcode ID: 1840e4606e13bf1a9634f1b07af1e55d88e1df6de4710916833e7a0a68175670
                                                                                                                                                                                                                                                                      • Instruction ID: dda91a79d5c8560dc7ebaaf89cce428d8c88e847fe2cdfbaf45369e654c9989c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1840e4606e13bf1a9634f1b07af1e55d88e1df6de4710916833e7a0a68175670
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F018171601308AFDB14EFA1CD46FAE7BB8EF08700F00446DB952B7290DA31AA05CB90
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptGenRandom.ADVAPI32(00000008,00EA9209,4942A14B,?,00EA9209,0000800C,?,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA92A8
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to generate random number!,?,00EA9209,0000800C,?,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA9320
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00EA7DD8
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA9338
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB203A: RaiseException.KERNEL32(?,?,00EA8071,?,?,?,?,?,?,?,?,00EA8071,?,00ECB144,00000000), ref: 00EB209A
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to generate random number!, xrefs: 00EA931B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: Unable to generate random number!
                                                                                                                                                                                                                                                                      • API String ID: 4207938790-1854326980
                                                                                                                                                                                                                                                                      • Opcode ID: eae50475735c946a59fd2b94b8719024b30e3f98e617c28fd8fcf1bb91ae7d8c
                                                                                                                                                                                                                                                                      • Instruction ID: 5ddd7d7d238e45992ac7b4b8311d82c8d8cc513897513a4fadfd26459a4bb1b8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eae50475735c946a59fd2b94b8719024b30e3f98e617c28fd8fcf1bb91ae7d8c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B21B071A003489FCB14EFA4DD42FAE77B8FB09710F105669F921B73D1DB31A9458A61
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,00EAFCDE,?,?,?,?,?,00000000), ref: 00EAF0A3
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00EAFCDE,?,?,?,?,?,00000000), ref: 00EAF0AA
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,00EAFCDE,?,?,?,?,?,00000000), ref: 00EAF0E2
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 00EAF0E9
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocateFree
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 576844849-0
                                                                                                                                                                                                                                                                      • Opcode ID: 2f161465154fe7a3d83839b864517ea759710bd8c258d601617b0197ba5dbd74
                                                                                                                                                                                                                                                                      • Instruction ID: f9275cb07d5d1d87aed539f0e4ee1badb744bf67c4ea720ba72eb64f880f845a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f161465154fe7a3d83839b864517ea759710bd8c258d601617b0197ba5dbd74
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9101D272200201AFE7109FAADC86E67B7DCEB44324F04C53AF55AD7261D732F8048B60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAB780: GetProcessHeap.KERNEL32(DV), ref: 00EAB7DC
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: lstrcatA.KERNEL32(?, (Prototype),?,4942A14B,?), ref: 00EA8E56
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,4942A14B,?), ref: 00EA8E6D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,4942A14B,?), ref: 00EA8E85
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9450: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00EA8378,0000800C,4942A14B,?), ref: 00EA9470
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9450: CryptDestroyHash.ADVAPI32(?,00000000), ref: 00EA9489
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,4942A14B,?), ref: 00EA8EAC
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: __CxxThrowException@8.LIBVCRUNTIME ref: 00EA8ECA
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,00ECB144,00000000,?,4942A14B,?), ref: 00EA8ED9
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9450: GetLastError.KERNEL32(Unable to create hash context!), ref: 00EA94A4
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9450: __CxxThrowException@8.LIBVCRUNTIME ref: 00EA94BC
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAC500: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00EAC5FD
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAC500: GetLastError.KERNEL32(?,?,?,?,00EC2548), ref: 00EAC607
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9340: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00EA8744,00000000,4942A14B,?,?,?,00000000), ref: 00EA9395
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9340: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 00EA93DC
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 00EAB5EF
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 00EAB623
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                                                                                                                      • String ID: DV
                                                                                                                                                                                                                                                                      • API String ID: 2781682779-4043617073
                                                                                                                                                                                                                                                                      • Opcode ID: 0dee2bbc0d1f317844d8e940c811c7f536fc0b7fae54a10d972771ea7d38131f
                                                                                                                                                                                                                                                                      • Instruction ID: 9fa398d1408dbe247aff61adc7e03e8480a36ba2ec40276a744c51194dbb9080
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0dee2bbc0d1f317844d8e940c811c7f536fc0b7fae54a10d972771ea7d38131f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D128F31D012688BDB11DB64CC44BDEBBB5AF49314F1482DAD819BB382DB75AE84CF91
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,00EA8744,0000800C,4942A14B,?), ref: 00EA83CB
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,4942A14B,?,?,00EA8744,?,?,?,?,00EC2269,000000FF), ref: 00EA9088
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90A4
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptHashData.ADVAPI32(?,?,4942A14B,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90BB
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90E4
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00EC2269,000000FF), ref: 00EA9128
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA913E
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA9020: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA914E
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2857581251-0
                                                                                                                                                                                                                                                                      • Opcode ID: 9eadf9c8f3fad4bcbc6b3af5b78e4e05d1c483f7b1fefc5ede3bd14aff9bb48a
                                                                                                                                                                                                                                                                      • Instruction ID: 6c8a12605368992eb179ff6336cbb38d1a80c4d01ae93663328b96e94fe5b1dc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9eadf9c8f3fad4bcbc6b3af5b78e4e05d1c483f7b1fefc5ede3bd14aff9bb48a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9310BB1D00209ABDB00DF95C982BEFBBB8FF59714F005119E911B7281DB74AA09CBA0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$FileSizewsprintf
                                                                                                                                                                                                                                                                      • String ID: %hs%d-$DA$Range: bytes=
                                                                                                                                                                                                                                                                      • API String ID: 297799064-3488713235
                                                                                                                                                                                                                                                                      • Opcode ID: 37466b2287d6ff48d414dc9e9ac96d353ae6b804fa9c3df4d22e65638c8ebd27
                                                                                                                                                                                                                                                                      • Instruction ID: 5a3a9c01fa194230d499bcc8cf11b2efb2903bc6a521a12825a0a50db9b0b2d2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37466b2287d6ff48d414dc9e9ac96d353ae6b804fa9c3df4d22e65638c8ebd27
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDC12171A00205AFEB209FB9DC45F6EBBB9EF09704F14952DFA06FA190D771E9458B20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(T,00000008,?,4942A14B,?,00000000), ref: 00EA7EAC
                                                                                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00EC20C0), ref: 00EA7ED9
                                                                                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00EA7F15
                                                                                                                                                                                                                                                                      • IsValidSid.ADVAPI32 ref: 00EA7F22
                                                                                                                                                                                                                                                                      • GetSidSubAuthorityCount.ADVAPI32 ref: 00EA7F31
                                                                                                                                                                                                                                                                      • GetSidSubAuthority.ADVAPI32(?,?), ref: 00EA7F3D
                                                                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00EA7F4F
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to open process token!), ref: 00EA7F78
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA7F90
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to retrieve process mandatory label!,?,00ECB144,00000000), ref: 00EA7F9A
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA7FB2
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to verify mandatory label!,?,00ECB144,00000000), ref: 00EA7FBC
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA7FD4
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorException@8LastThrowToken$AuthorityInformation$ChangeCloseCountFindNotificationOpenProcessValid
                                                                                                                                                                                                                                                                      • String ID: Unable to open process token!$Unable to retrieve process mandatory label!$Unable to verify mandatory label!$T
                                                                                                                                                                                                                                                                      • API String ID: 3836789619-4181844671
                                                                                                                                                                                                                                                                      • Opcode ID: a06ad5e91cfba216611c3775565cdeeef510bc725e4a94838eb6ff4753f15a99
                                                                                                                                                                                                                                                                      • Instruction ID: 73966c11b63e7897a5bd916eccb083310bb2d8bbf1cdb827354cbb9db08e1566
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a06ad5e91cfba216611c3775565cdeeef510bc725e4a94838eb6ff4753f15a99
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82412471900209AFDB14EBA5DD46FAFB7B8FF09700F045129F902F6190DB75A605CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(00000000,00000018,?), ref: 00EA1E04
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,00000064,00000001,00000000,00000000,00000040), ref: 00EA1E51
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00EA1E6C
                                                                                                                                                                                                                                                                      • CreatePatternBrush.GDI32(00000000), ref: 00EA1E76
                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000032), ref: 00EA1E98
                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 00EA1EA2
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00EA1EB2
                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EA1EC5
                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00EA1F0F
                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,90080000,?,?,?,?,00000000,00000000,?,?), ref: 00EA1F38
                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 00EA1F40
                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00EA1F5A
                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00EA1F6D
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ImageLoad$CallbackCreateDispatcherSystemUser$BrushClassDispatchExchangeInfoInterlockedMessageMetricsObjectParametersPatternRegisterWindow
                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                      • API String ID: 2747924374-4108050209
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (first block ea1020-ea103c; legend: Executed / Not Executed)

APIs
• HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00EA1029
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00EA1034
• GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EA1044
• SetDllDirectoryW.KERNEL32(00EC35D4), ref: 00EA1068
• GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00EA1073
• GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 00EA1083
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EA10A4
• ExitProcess.KERNEL32 ref: 00EA10C0
• ExitProcess.KERNEL32 ref: 00EA10E4
• ExitProcess.KERNEL32 ref: 00EA10F0
Strings
Similarity
• API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
• String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
• API String ID: 1484830609-1451921263
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (first block eac500-eac541; legend: Executed / Not Executed)

APIs
  • Part of subcall function 00EAB780: GetProcessHeap.KERNEL32(DV), ref: 00EAB7DC
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00EAC5FD
• GetLastError.KERNEL32(?,?,?,?,00EC2548), ref: 00EAC607
• GetVolumePathNameW.KERNELBASE(?,00000010,00000104,?,?,?,?,?,00EC2548), ref: 00EAC67E
• GetLastError.KERNEL32(?,?,?,?,?,00EC2548), ref: 00EAC688
• GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,?,?,00EC2548), ref: 00EAC6EC
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00EC2548), ref: 00EAC6F6
• CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00EAC7AB
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00EC2548), ref: 00EAC7B8
• DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 00EAC7D9
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00EC2548), ref: 00EAC7E3
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00EC2548), ref: 00EAC7F7
Strings
Similarity
• API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
• String ID: H%
• API String ID: 204137380-1300123970
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (first block ea3190-ea31b9; legend: Executed / Not Executed)

APIs
• GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 00EA31B1
• ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 00EA31DA
• wsprintfW.USER32 ref: 00EA3201
• CreateDirectoryW.KERNELBASE(?,?), ref: 00EA320F
• wsprintfW.USER32 ref: 00EA3228
• CreateDirectoryW.KERNEL32(?,?), ref: 00EA3236
• GetLastError.KERNEL32(?,?,?), ref: 00EA3240
• LocalFree.KERNEL32(?,?,?,?), ref: 00EA3250
• SetLastError.KERNEL32(00000000,?,?,?), ref: 00EA3257
  • Part of subcall function 00EA9250: CryptGenRandom.ADVAPI32(00000008,00EA9209,4942A14B,?,00EA9209,0000800C,?,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA92A8
Strings
                                                                                                                                                                                                                                                                      • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 00EA31D5
                                                                                                                                                                                                                                                                      • %c:\asw.%08x%08x, xrefs: 00EA3222
                                                                                                                                                                                                                                                                      • %s\Temp\asw.%08x%08x, xrefs: 00EA31F1
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                                                                                                                      • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                                                                                                                      • API String ID: 1345463893-1526440225
                                                                                                                                                                                                                                                                      • Opcode ID: 88db95f23bc4b762d8fb5ee9b49c33172c53f0c43461d5867f03235e6467ea26
                                                                                                                                                                                                                                                                      • Instruction ID: 05af29c0bb32359ef7d00c5148357d8652cfcd97bef6e02dfad0653a8f4cec6b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88db95f23bc4b762d8fb5ee9b49c33172c53f0c43461d5867f03235e6467ea26
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8216271A00208AFDB109FF5CD45EAEBBBCEF0AB44F044025F905F6110D7359A4A8761
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 1246 ea8410-ea844b GetFileSizeEx 1247 ea84f9 1246->1247 1248 ea8451-ea8455 1246->1248 1249 ea84fe-ea8504 GetLastError 1247->1249 1250 ea8471-ea8486 CreateFileMappingW 1248->1250 1251 ea8457 1248->1251 1252 ea8505-ea851b call ea7da0 call eb203a 1249->1252 1255 ea8488-ea848d 1250->1255 1256 ea848f-ea84ac MapViewOfFile 1250->1256 1253 ea8459-ea8460 1251->1253 1254 ea8462-ea846c 1251->1254 1253->1250 1253->1254 1254->1252 1255->1249 1258 ea84ae-ea84b3 1256->1258 1259 ea84b5-ea84f8 call ea8520 UnmapViewOfFile CloseHandle call eb0bbe 1256->1259 1258->1249
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32(?,`!,4942A14B,?,?,?,?,?,00000000,00EC2160,000000FF,?,00EA26F7,?,00000000), ref: 00EA8443
                                                                                                                                                                                                                                                                      • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,00000000,00EC2160), ref: 00EA847C
                                                                                                                                                                                                                                                                      • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,00000000,00EC2160), ref: 00EA84A2
                                                                                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,00000000,00EC2160), ref: 00EA84CE
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00EC2160), ref: 00EA84D5
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to determine file size!,?,?,00000000,00EC2160,000000FF,?,00EA26F7,?,00000000), ref: 00EA84FE
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA8516
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$View$CloseCreateErrorException@8HandleLastMappingSizeThrowUnmap
                                                                                                                                                                                                                                                                      • String ID: Unable to determine file size!$Unable to open file mapping!$Unable to process files over 1GB!$`!
                                                                                                                                                                                                                                                                      • API String ID: 3729524651-3772066033
                                                                                                                                                                                                                                                                      • Opcode ID: b1e6ea4c36a81881827c27c069d2a993a772f57e169904fa38e7a05ae1d8da2b
                                                                                                                                                                                                                                                                      • Instruction ID: 9a6ed68955a49b0d09df0d7a20624a997768b51f8759cedd68d79089dc5d4866
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1e6ea4c36a81881827c27c069d2a993a772f57e169904fa38e7a05ae1d8da2b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC31F772940315BFDB209B65CD06FEF7BB4EB4DB10F10902AF911BA2C0DB716A058795
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID: ASWS$ASWS$ASWS$Unable to read signature!$ig2A$ig2A
                                                                                                                                                                                                                                                                      • API String ID: 0-1997839495
                                                                                                                                                                                                                                                                      • Opcode ID: 03ebdbf9e3fc1f93d513ddf9152c5aeb9957fabdfe1bd8fc7f6a52bd19269fec
                                                                                                                                                                                                                                                                      • Instruction ID: 048530797de95a37c64853c5ac1404a5c2a6f17c4aae8f2d668b9d266821505d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03ebdbf9e3fc1f93d513ddf9152c5aeb9957fabdfe1bd8fc7f6a52bd19269fec
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8591A271D002089AEF18DFA4CA85BEDB7B5FF4A308F60912AE401BF181DF75A945CB95
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • &t=screenview&cd=%s, xrefs: 00EA4046
                                                                                                                                                                                                                                                                      • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 00EA4066
                                                                                                                                                                                                                                                                      • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 00EA40B0
                                                                                                                                                                                                                                                                      • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 00EA4081
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: wsprintf$lstrlen
                                                                                                                                                                                                                                                                      • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                                                                                                                      • API String ID: 217384638-4207265834
                                                                                                                                                                                                                                                                      • Opcode ID: 49c899d7856cdab86659f70f25589dd18c782235690f825fd1b2ac695ab6ac9a
                                                                                                                                                                                                                                                                      • Instruction ID: 08e5215f8bd08d86b3c3b670b052868f17c22b9cbd3176406e0efa69de4f0b45
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49c899d7856cdab86659f70f25589dd18c782235690f825fd1b2ac695ab6ac9a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB3192B1900219AFCB20DF65CD45B9AB7B8FF49314F0081A9A609B3241EB71AB95CF95
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000001), ref: 00EAEC60
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EAEC67
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 00EAECB5
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EAECBC
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EAECE2
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EAECE9
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EAED0F
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EAED16
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EAED4C
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EAED53
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                      • Opcode ID: d43ea4c5b2ca15b9f7fecaeb7591261834f3cf69c0fceafa2f732e52eaf3d68e
                                                                                                                                                                                                                                                                      • Instruction ID: 44a86d31d2b8ace02905c75d1aa69edb6db192be839de9ae9914f1bc87ea09e5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d43ea4c5b2ca15b9f7fecaeb7591261834f3cf69c0fceafa2f732e52eaf3d68e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81323F71D015289FDB20DF54CC85BEAB7BAAB99314F0511E5E809BB340DB36AE94CF90
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(00EA0000,00000001,00000010), ref: 00EA39F1
                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(00EA0000,00000000), ref: 00EA3A01
                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00EA3A52
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • \StringFileInfo\040904b0\SubEdition, xrefs: 00EA3A8F
                                                                                                                                                                                                                                                                      • \StringFileInfo\040904b0\Edition, xrefs: 00EA3A67
                                                                                                                                                                                                                                                                      • %d.%d.%d.%d, xrefs: 00EA3A4A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                                                                                                                      • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                                                                                                                      • API String ID: 1667977947-3794282237
                                                                                                                                                                                                                                                                      • Opcode ID: 9122537c82db6f0a689f29470a9fa162a01ff5f24365bf827f69dab162a87d9d
                                                                                                                                                                                                                                                                      • Instruction ID: ef60b0432b9ec996e981d871fc27116dcc5d7d172fdcd6e9f0ff4eb64de0bb2b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9122537c82db6f0a689f29470a9fa162a01ff5f24365bf827f69dab162a87d9d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E314F72A00219ABDB11DFA5DC41EFFB7E8EF49700F141069F905F6181E631AE4587A1
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindResourceW.KERNELBASE(00EA0000,EDAT_ECOO,0000000A), ref: 00EA3294
                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(00EA0000,00000000), ref: 00EA32AB
                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(00EA0000,00000000), ref: 00EA32B9
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Resource$FindLoadSizeof
                                                                                                                                                                                                                                                                      • String ID: $@$EDAT_ECOO
                                                                                                                                                                                                                                                                      • API String ID: 507330600-2393187713
                                                                                                                                                                                                                                                                      • Opcode ID: 9e51e290557f86b34c8221397861aa78fbc082f29b40a6387f044d89211dea81
                                                                                                                                                                                                                                                                      • Instruction ID: bf03fa91d2d2df906582fd2f661d2eb05678b481d0917e260a2b6c38f9de26a7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e51e290557f86b34c8221397861aa78fbc082f29b40a6387f044d89211dea81
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F312B32A1475297DF308F7888D5669B3A1EF9B344715972EF456BB502EF60BB884340
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000), ref: 00EA2506
                                                                                                                                                                                                                                                                      • SetEndOfFile.KERNELBASE(?), ref: 00EA2511
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA251B
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA2550
                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,00000000), ref: 00EA2574
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000000), ref: 00EA2585
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$File$PointerSleep
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3209234422-0
                                                                                                                                                                                                                                                                      • Opcode ID: 18e65678f3e6c8a62f93641f186ae5f81467c034f640982f06a580e2cfc13143
                                                                                                                                                                                                                                                                      • Instruction ID: fa2b473eac90bdb2848908a2570137f14aa0d9ba2ec28c5b8ddc35c54ba5ea05
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18e65678f3e6c8a62f93641f186ae5f81467c034f640982f06a580e2cfc13143
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53319A71D002089FCB009FA9E885BEEBBB5FF4E314F14912AED15B7350DB30AA018B91
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(wintrust.dll,?,?,00ECB144,00000000), ref: 00EA8136
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 00EA8149
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,00ECB144,00000000), ref: 00EA8152
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                      • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                                                                                                                      • API String ID: 145871493-3385133079
                                                                                                                                                                                                                                                                      • Opcode ID: 2040d683bb45aca4b9e160831d6c8a5b5b2b15e74ac68cdcc34bce3205296b30
                                                                                                                                                                                                                                                                      • Instruction ID: 33e518e3a04d81c5286ae381c20533aefe018e8849c801f008313445708ef2e8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2040d683bb45aca4b9e160831d6c8a5b5b2b15e74ac68cdcc34bce3205296b30
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FD05E32601721BF4A1017BE7C0DECF6B64AEC2E6130E52B9F801B61688A268887A150
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,00EAB45F), ref: 00EAB99D
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,00EAB45F), ref: 00EAB9D6
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,00EAB45F), ref: 00EABA89
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00EAB45F,00000000,00000000,00000000,?,00EAB45F), ref: 00EABAC7
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 626452242-0
                                                                                                                                                                                                                                                                      • Opcode ID: 61e8e94445b49fcbcc38f9247d0d8ed1795814207f0431f562402aa2f743a3ea
                                                                                                                                                                                                                                                                      • Instruction ID: a95aa3d1ae12e046e226422ac5da9434c18dd109c2e349c18a3c4bbae4763f78
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61e8e94445b49fcbcc38f9247d0d8ed1795814207f0431f562402aa2f743a3ea
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A918031A012059FDB11CF68C884BAEBBF5FF8A314F245159E915BB392DB71B906CB90
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA8C7A
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFC70: GetProcessHeap.KERNEL32(00000000,?,?,?,?,00000000), ref: 00EAFCB3
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFC70: HeapFree.KERNEL32(00000000), ref: 00EAFCBA
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAED90: GetProcessHeap.KERNEL32(00000000,8B55CCCC,00EA82E6,?,00EA8A31,?,?,?), ref: 00EAEDB7
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAED90: HeapFree.KERNEL32(00000000,?,?), ref: 00EAEDBE
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00EAFC26
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00EAFC2D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00EAFC4D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAFAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00EAFC54
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAE450: GetProcessHeap.KERNEL32(00000000,00000001), ref: 00EAEC60
                                                                                                                                                                                                                                                                        • Part of subcall function 00EAE450: HeapFree.KERNEL32(00000000), ref: 00EAEC67
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to initialize DSA parameters!, xrefs: 00EA8C50
                                                                                                                                                                                                                                                                      • Unable to read digest or signature!, xrefs: 00EA8C47
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess$Exception@8Throw
                                                                                                                                                                                                                                                                      • String ID: Unable to initialize DSA parameters!$Unable to read digest or signature!
                                                                                                                                                                                                                                                                      • API String ID: 786774151-2226104879
                                                                                                                                                                                                                                                                      • Opcode ID: bc921b1472de2466295aeec95681647c26aedae8dda7ddea17db893b53908cb0
                                                                                                                                                                                                                                                                      • Instruction ID: ca009b6e583ab28f3bf89505f547866926398dc457f67a48814d4657a2d9cd96
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc921b1472de2466295aeec95681647c26aedae8dda7ddea17db893b53908cb0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52B1DCB2D0021CAADB50DBE4DD45FDEB3BCAB19304F045566E509FA142EB34EA88CF61
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_00004020,?,00000000,?), ref: 00EA440A
                                                                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00EA4415
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4060959955-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000041B0,?,00000000,?), ref: 00EA446A
                                                                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00EA4475
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4060959955-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB0610
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      • Opcode ID: 099a4df2aacd5a19380a56485f143b5ad36fe9242201a80df5c95cf9b41fea3f
                                                                                                                                                                                                                                                                      • Instruction ID: 7a7094932e165d4124fa3f6fd971ac216f056211858a69c4ffe17459f428b9e1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 099a4df2aacd5a19380a56485f143b5ad36fe9242201a80df5c95cf9b41fea3f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FB012A126C1117D3104D1245F13FBB02CCC0C5B11F30B81FF045F5240D6412C030131
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
  • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
  • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
  • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: bf4d5a34030da14f7eff6275c5c0af4ee7b05665f11d6c6aa57567f753531d00
• Instruction ID: ffdcba4d7e47811b12d2e8dffa943176db482de33f3d171b2d955d7e0cd420dc
• Opcode Fuzzy Hash: bf4d5a34030da14f7eff6275c5c0af4ee7b05665f11d6c6aa57567f753531d00
• Instruction Fuzzy Hash: 7DB0129126C2117D3254D2145D13FBB024CC1C4B11B30791FF045F5280D6402D461232
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
  • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
  • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
  • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: 3c8dcd14d705bcb342fbe85a37f15b641516fbc2cd2a11ceae86a139e979e401
• Instruction ID: 9ac9b90e45a94dffc67fba7e792e63fad7ab4bf709c71a51c77ed8c602032333
• Opcode Fuzzy Hash: 3c8dcd14d705bcb342fbe85a37f15b641516fbc2cd2a11ceae86a139e979e401
• Instruction Fuzzy Hash: 05B0129126D111BD3204D1145D13FBB024CC0C4B51B30B81FF445F5240D6402C020231
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
  • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
  • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
  • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: d5d67dd96a5ec6dc8c939fa3ea578d22c154c1adc96a0bcac39da54c4e9a0711
• Instruction ID: 601cd2da35f9bdd696a639f0f344dda11b80c862b767c7a084601262c72131a9
• Opcode Fuzzy Hash: d5d67dd96a5ec6dc8c939fa3ea578d22c154c1adc96a0bcac39da54c4e9a0711
• Instruction Fuzzy Hash: D0B0129127E1117D3104D1145D23FBF024CD4C4B51F30B81FF045F5240D6402C020131
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
  • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
  • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
  • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: c06254e1e994503555e5f3ee4f77b58fac9476ffd4a06b16bc2088081573dc5a
• Instruction ID: 533d9c5b9419f47c25e29a772696c4a02d51f34158a427b0e7eb72b73ce548d2
• Opcode Fuzzy Hash: c06254e1e994503555e5f3ee4f77b58fac9476ffd4a06b16bc2088081573dc5a
• Instruction Fuzzy Hash: 4BB012A126D3117D3244D1545D13FBB024CC0C4B51B30795FF045F5240D6402C460231
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      • Opcode ID: ba013453f506dfdb0c02aef0da0e1b0a613bea78d73d9924026463bf135a4898
                                                                                                                                                                                                                                                                      • Instruction ID: 73876d3d2588c41704b58d2ff33ab6f65200e232e19d1d526153b70a90dd92a0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba013453f506dfdb0c02aef0da0e1b0a613bea78d73d9924026463bf135a4898
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCB0129126E1117D3104D1145E13FBB024CC0C4B91B30B81FF045F9240D6413C030131
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      • Opcode ID: 3116b7a4c728d6cf76f819afee1ba4655a970f00aab836170c0af5c8e5f64ed6
                                                                                                                                                                                                                                                                      • Instruction ID: 5ab955fd4ca10d54209cc6f775453e4448ea59390107804e9492fa4ac5a4f62f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3116b7a4c728d6cf76f819afee1ba4655a970f00aab836170c0af5c8e5f64ed6
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73B0129126C111BD3204D1345E13FBB028CC0C4B11B30B81FF445F5240D7402C020131
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      • Opcode ID: d0aaacde6bd3108ececb92706e6806e11ca76bcf6e9e52b5d5ed8139ebef9120
                                                                                                                                                                                                                                                                      • Instruction ID: df131eeeb456fbfa46b31d00f3de5890dc8c29e8d26d27c738c164a1dcf56975
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0aaacde6bd3108ececb92706e6806e11ca76bcf6e9e52b5d5ed8139ebef9120
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAB0129526D2117D3244D1245E13FBF028CC0C4B11B30791FF045F5240D6402C460231
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00EB062B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00EA7AF1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EA7B59
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00EA7B6A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 697777088-0
                                                                                                                                                                                                                                                                      • Opcode ID: d9e52972770875cbf0faab266f0a9dcb08a4c1ff74c2594507cbfc0da8d32627
                                                                                                                                                                                                                                                                      • Instruction ID: 2c1b43f2c6deef57fa82ee7840992abc59dd6e35775553ef0a4156253580447c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9e52972770875cbf0faab266f0a9dcb08a4c1ff74c2594507cbfc0da8d32627
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B0129326C2117D31049120AE13FBF024CD0C4B11F30B81FF041F4141D6402D020031
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: lstrcatA.KERNEL32(?, (Prototype),?,4942A14B,?), ref: 00EA8E56
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,4942A14B,?), ref: 00EA8E6D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,4942A14B,?), ref: 00EA8E85
                                                                                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,4942A14B,?,?,00EA8744,?,?,?,?,00EC2269,000000FF), ref: 00EA9088
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90A4
                                                                                                                                                                                                                                                                      • CryptHashData.ADVAPI32(?,?,4942A14B,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90BB
                                                                                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA90E4
                                                                                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00EC2269,000000FF), ref: 00EA9128
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA913E
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA914E
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to create hash context!,?,?,?,?,00EC2269,000000FF), ref: 00EA9177
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA918F
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to update hash context!,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA9199
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA91B1
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to determine digest size!,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA91BB
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA91D3
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to retrieve digest!,?,00ECB144,00000000,?,?,?,?,00EC2269,000000FF), ref: 00EA91DD
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA91F5
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to retrieve digest!, xrefs: 00EA91D8
                                                                                                                                                                                                                                                                      • Unable to determine digest size!, xrefs: 00EA91B6
                                                                                                                                                                                                                                                                      • Unable to update hash context!, xrefs: 00EA9194
                                                                                                                                                                                                                                                                      • Unable to create hash context!, xrefs: 00EA9172
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Crypt$Hash$ErrorException@8LastThrow$Context$DestroyParamRelease$AcquireCreateDatalstrcat
                                                                                                                                                                                                                                                                      • String ID: Unable to create hash context!$Unable to determine digest size!$Unable to retrieve digest!$Unable to update hash context!
                                                                                                                                                                                                                                                                      • API String ID: 827938544-872507617
                                                                                                                                                                                                                                                                      • Opcode ID: 40915cb1f0380ecb1474abb48306a1450da9a6b4b72620ece02ce6a293e4f7a4
                                                                                                                                                                                                                                                                      • Instruction ID: a3225f6d8567840bccc63ac23506c8e21dbf451a726811c4a66313ec50080996
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40915cb1f0380ecb1474abb48306a1450da9a6b4b72620ece02ce6a293e4f7a4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6514E71A4120AAFDB10DFA1CD4AFEEBBB8FF09704F109119F511B6190DB75AA05CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00EA8744,00000000,4942A14B,?,?,?,00000000), ref: 00EA9395
                                                                                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 00EA93DC
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to determine digest size!), ref: 00EA940A
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA9422
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to retrieve digest!,?,00ECB144,00000000), ref: 00EA942C
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA9444
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to retrieve digest!, xrefs: 00EA9427
                                                                                                                                                                                                                                                                      • Unable to determine digest size!, xrefs: 00EA9405
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CryptErrorException@8HashLastParamThrow
                                                                                                                                                                                                                                                                      • String ID: Unable to determine digest size!$Unable to retrieve digest!
                                                                                                                                                                                                                                                                      • API String ID: 2498184597-199986585
                                                                                                                                                                                                                                                                      • Opcode ID: ddc853bfb1c7cac1f9b5b61ec736f4236f5fdae2a79819ad1762b3371237963e
                                                                                                                                                                                                                                                                      • Instruction ID: a4079dcd82dacfe17459491e537ca32cb7f4d38aa1ac1c8974a3980f46b732b0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddc853bfb1c7cac1f9b5b61ec736f4236f5fdae2a79819ad1762b3371237963e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8313CB1940209AFDB10DFA5CD46FEEBBB8EF09704F10411AB511B7280DB756A09CBA4
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                      • Opcode ID: 7a58501822f95dfc80ebd3542ef71377ac6e61a1a308c34a61457e19b9432371
                                                                                                                                                                                                                                                                      • Instruction ID: 0de723ebf42fc591badea2325d74715a8c293c81239ef58fdf917e3797e4bd3a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a58501822f95dfc80ebd3542ef71377ac6e61a1a308c34a61457e19b9432371
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BC24B71E096298FDB25CE28DD407EAB7B5EB84309F1451EAD84EF7240E775AE818F40
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00EA94E2
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to update hash context!), ref: 00EA94F7
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA950F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to update hash context!, xrefs: 00EA94F2
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CryptDataErrorException@8HashLastThrow
                                                                                                                                                                                                                                                                      • String ID: Unable to update hash context!
                                                                                                                                                                                                                                                                      • API String ID: 913647941-2364437153
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 00EAF034
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00EAF03B
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 00EAF058
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00EAF05F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00EB456E
                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00EB4578
                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00EB4585
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,?,00EB7C30,00000000,00ECBA28,0000000C,00EB7D87,00000000,00000002,00000000), ref: 00EB7C7B
                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00EB7C30,00000000,00ECBA28,0000000C,00EB7D87,00000000,00000002,00000000), ref: 00EB7C82
                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00EB7C94
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: fc19ff811716e5acc633d6ea21d52563c799f43d77a3da49040b1faa70805c1c
                                                                                                                                                                                                                                                                      • Instruction ID: 0ad77d737548a28d0e60caf5b50241c6c7d4c288febdc124b18db85315c807b7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc19ff811716e5acc633d6ea21d52563c799f43d77a3da49040b1faa70805c1c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E022B71E042199BDF14CFA9C9806EEBBF1EF88314F25966AD919FB340D731A941CB90
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EC1267,?,?,00000008,?,?,00EC0F07,00000000), ref: 00EC1499
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5942018409392e77834e6b2fd18ddbea4a1bfa13be27cbd533d1d87580b9b884
                                                                                                                                                                                                                                                                      • Instruction ID: a2a856c69b904396339b849e7f5f4bd97cd41ac05ef465e266095c70f15f3e9c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5942018409392e77834e6b2fd18ddbea4a1bfa13be27cbd533d1d87580b9b884
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38B14F31510604DFD719CF28C586BA57BE0FF46368F25969CE89ADF2A2C336D992CB40
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(?,4942A14B,?,?,00EC20F0,000000FF), ref: 00EA8296
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 174375392-0
                                                                                                                                                                                                                                                                      • Opcode ID: f7ee47217be54a0fc678d0ef549a451ca5fc29d92cab0e59467741801bbe91aa
                                                                                                                                                                                                                                                                      • Instruction ID: 7be5473408dd821204c256f9192561ba4f700a7080b149a7d855a4081325efeb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7ee47217be54a0fc678d0ef549a451ca5fc29d92cab0e59467741801bbe91aa
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17F09071A04644EFD710CF58CA01BAAB3ECFB09714F00466EAC15E7780DF76AD04C690
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00EA83E7,00000000,?,?,?,00000000,00000004,?,00EA8744,0000800C,4942A14B,?), ref: 00EA8EF8
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 829835001-0
                                                                                                                                                                                                                                                                      • Opcode ID: 3b01ad02750384bd5046b4547ac4829f4ec42c938839c87ea3e8f1a8aabbfecd
                                                                                                                                                                                                                                                                      • Instruction ID: 8832fd323db845cb30b108a2a92198e1183840fd762bd513defaf75d05516650
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b01ad02750384bd5046b4547ac4829f4ec42c938839c87ea3e8f1a8aabbfecd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52B0123204020CBBC6101B52EC06F45BF2CD710750F008031F7051407187736521A5A9
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00BE9440,00000000), ref: 00EC266C
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 829835001-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000112A0,00EB0755), ref: 00EB1297
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Uniqueness

Uniqueness Score: -1.00%

Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(?), ref: 00EA1362
• PostQuitMessage.USER32(00000002), ref: 00EA136A
• DestroyWindow.USER32(?), ref: 00EA1386
• PostQuitMessage.USER32(00000000), ref: 00EA138E
• DestroyWindow.USER32 ref: 00EA13AF
• DestroyWindow.USER32 ref: 00EA13BB
• DestroyWindow.USER32 ref: 00EA13C7
• DestroyWindow.USER32 ref: 00EA13D3
• DestroyWindow.USER32 ref: 00EA13DF
• DestroyWindow.USER32 ref: 00EA13EB
• DeleteObject.GDI32 ref: 00EA13F7
• DeleteObject.GDI32 ref: 00EA1403
• DeleteObject.GDI32 ref: 00EA140F
• DestroyIcon.USER32 ref: 00EA141B
• SystemParametersInfoW.USER32(00000029,000001F4,000001F4,00000000), ref: 00EA1460
• CreateFontIndirectW.GDI32(?), ref: 00EA146A
• CreateFontIndirectW.GDI32(?), ref: 00EA1491
• CreateFontIndirectW.GDI32(?), ref: 00EA14B8
• LoadImageW.USER32(00000064,00000001,00000030,00000030,00000000), ref: 00EA1669
• CreateWindowExW.USER32(00000000,STATIC,00000000,50000003,00000010,00000010,00000030,00000030,?,00000000,00000000), ref: 00EA1695
• SendMessageW.USER32(00000000,00000172,00000001), ref: 00EA16AE
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000050,?,?,?,?,00000000,00000000), ref: 00EA16ED
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00EA1703
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,?,?,?,?,?,00000000,00000000), ref: 00EA1746
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000010,?,?,?,?,00000000,00000000), ref: 00EA1787
• SendMessageW.USER32(00000030,00000000), ref: 00EA17A2
• SendMessageW.USER32(00000030,00000000), ref: 00EA17B8
  • Part of subcall function 00EA3B30: LoadStringW.USER32(00EA0000,00000000,00EA40A0,00000000), ref: 00EA3B55
• CreateWindowExW.USER32(00000000,BUTTON,00000000,50010001,00000010,?,?,?,?,00000000,00000000), ref: 00EA1810
• CreateWindowExW.USER32(00000000,BUTTON,00000000,50010000,?,?,?,?,?,00000000,00000000), ref: 00EA1851
• SendMessageW.USER32(00000030,00000000), ref: 00EA186C
• SendMessageW.USER32(00000030,00000000), ref: 00EA1882
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EA1898
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EA18EB
• SetFocus.USER32 ref: 00EA18F7
• DefWindowProcW.USER32(?,?,?,?), ref: 00EA190C
Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Window$CreateDestroy$Message$Send$DeleteFontIndirectObject$InfoLoadParametersPostQuitSystem$FocusIconImageProcString
                                                                                                                                                                                                                                                                      • String ID: BUTTON$STATIC
                                                                                                                                                                                                                                                                      • API String ID: 2791220612-3385952364
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 00EBBBEB
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB87B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB88D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB89F
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB8B1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB8C3
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB8D5
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB8E7
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB8F9
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB90B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB91D
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB92F
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB941
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB85E: _free.LIBCMT ref: 00EBB953
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBBE0
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: HeapFree.KERNEL32(00000000,00000000,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?), ref: 00EB8DFF
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: GetLastError.KERNEL32(?,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?,?), ref: 00EB8E11
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC02
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC17
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC22
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC44
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC57
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC65
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBC70
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBCA8
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBCAF
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBCCC
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBCE4
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                      • String ID: ($H
                                                                                                                                                                                                                                                                      • API String ID: 161543041-904584551
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • #17.COMCTL32(4942A14B), ref: 00EA1C33
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000040), ref: 00EA1C6A
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00EA1C85
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA3B30: LoadStringW.USER32(00EA0000,00000000,00EA40A0,00000000), ref: 00EA3B55
                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 00EA1CAE
                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 00EA1CB8
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00EA1CC7
                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00EA1CE3
                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,90880000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00EA1D05
                                                                                                                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EA1D1B
                                                                                                                                                                                                                                                                      • IsDialogMessageW.USER32(00000000,?), ref: 00EA1D2F
                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00EA1D3D
                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00EA1D47
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: LoadMessage$Image$MetricsSystem$ClassCreateDialogDispatchRegisterStringTranslateWindow
                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                      • API String ID: 2026041735-4108050209
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8080: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00EA809B
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA8080: GetProcAddress.KERNEL32(00000000), ref: 00EA80A2
                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000000C1), ref: 00EA5593
                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 00EA55A2
                                                                                                                                                                                                                                                                      • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 00EA55D9
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA55E9
                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000420), ref: 00EA5602
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EA75E3
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EA75F4
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EA7605
                                                                                                                                                                                                                                                                      • _wcsrchr.LIBVCRUNTIME ref: 00EA76A1
                                                                                                                                                                                                                                                                      • _wcsrchr.LIBVCRUNTIME ref: 00EA76B3
                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 00EA76EF
                                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00EA7707
                                                                                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 00EA7718
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EA771F
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA3B70: #17.COMCTL32 ref: 00EA3B84
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA3B70: LoadStringW.USER32(00EA0000,000003E9,?,00000000), ref: 00EA3BA1
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA3B70: LoadStringW.USER32(00EA0000,?,?,00000000), ref: 00EA3BBA
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA3B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00EA3BCF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Handle$Close$ExchangeInterlocked$CreateLoadMutexString_wcsrchr$AddressCopyErrorFileHardLastLinkMessageModuleProcRelease
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3636221856-0
                                                                                                                                                                                                                                                                      • Opcode ID: 2ba7b1703ee2f9ad3ad060b70c21c23931d8a1e69de3d602ecaaae3047727dd0
                                                                                                                                                                                                                                                                      • Instruction ID: 6c1dd212ca64c829309e98512df384d7481855860c545d9525d67e3407716ce4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ba7b1703ee2f9ad3ad060b70c21c23931d8a1e69de3d602ecaaae3047727dd0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF518C71A002189BDB21EB64DC46FDD77B8AF4A305F0010EAF549BB192DB70AF858F51
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00824049), ref: 00EA2021
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00362620), ref: 00EA2042
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00DBDBDA), ref: 00EA2054
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00F67000), ref: 00EA2064
                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00EA2074
                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?), ref: 00EA20E3
                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?), ref: 00EA210D
                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 00EA2118
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(003F382C), ref: 00EA214E
                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00FF9640), ref: 00EA218A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: BrushCreateSolid$FillPaintRect$Begin
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2220257389-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5b2c5dfeb8ccf703867c11e4ceb4310acb3ef31d675b59705dedc1b67683319f
                                                                                                                                                                                                                                                                      • Instruction ID: a37ea347a75bd6618d755dddcde0c8c194b79f4c7d39177557173afbf0eb053d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b2c5dfeb8ccf703867c11e4ceb4310acb3ef31d675b59705dedc1b67683319f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27519071A00208DFDB11DFB9D886CA977B5FB4D304B10866AE606FB361D732B94ACB51
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89C5
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: HeapFree.KERNEL32(00000000,00000000,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?), ref: 00EB8DFF
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: GetLastError.KERNEL32(?,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?,?), ref: 00EB8E11
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89D1
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89DC
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89E7
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89F2
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB89FD
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8A08
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8A13
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8A1E
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8A2C
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1280eb5dfec370705ebd247397e71dae18c25e0ef4f3b88406f92f589c99e5e8
                                                                                                                                                                                                                                                                      • Instruction ID: bf5bc437e5f5bc64ffb4924dabfaed485f139e5c719241501f00d85d9bb78145
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1280eb5dfec370705ebd247397e71dae18c25e0ef4f3b88406f92f589c99e5e8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F811A77A101108FFCF01EF95EE42DDA3FADEF14351B4152A6B9085B262DA32DA50DB80
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(00EA0000,?,0000000A,.edat,00000005,?,?,?,?,00000000,?,?,00000000), ref: 00EA30A3
                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(00EA0000,00000000,?,?,00000000,?,?,00000000), ref: 00EA30B5
                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(00EA0000,00000000,?,?,00000000,?,?,00000000), ref: 00EA30C3
                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000004,00000001,00000000,00000002,00000080,00000000,?,?,00000000,?,?,00000000), ref: 00EA30EE
                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,00000000), ref: 00EA310B
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,00000000), ref: 00EA3112
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Resource$File$CloseCreateFindHandleLoadSizeofWrite
                                                                                                                                                                                                                                                                      • String ID: .edat$EDAT_
                                                                                                                                                                                                                                                                      • API String ID: 2436039785-3242799629
                                                                                                                                                                                                                                                                      • Opcode ID: d02104eadd5f86500fe7b82a0cbbec913e98f8ee17dd35d1da9b4efa9c8f9628
                                                                                                                                                                                                                                                                      • Instruction ID: 1e9cbcf84db9e204256391b502f5074131ed13dcf3c226cbd98a7c80b753f081
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d02104eadd5f86500fe7b82a0cbbec913e98f8ee17dd35d1da9b4efa9c8f9628
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3A1C672E002059FCB149FB8CC95BEEB7B5EF49314F14912DE912BB281D7306A05CBA0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00EA809B
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00EA80A2
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?), ref: 00EA80D1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • IsWow64Process2, xrefs: 00EA8091
                                                                                                                                                                                                                                                                      • Unable to determine native architecture of the system!, xrefs: 00EA8101
                                                                                                                                                                                                                                                                      • kernel32, xrefs: 00EA8096
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                                                      • String ID: IsWow64Process2$Unable to determine native architecture of the system!$kernel32
                                                                                                                                                                                                                                                                      • API String ID: 4190356694-2412497375
                                                                                                                                                                                                                                                                      • Opcode ID: e8b69132f82582c0b167dfb598a7de119767d452f557154cfee8daa594a4b506
                                                                                                                                                                                                                                                                      • Instruction ID: 05ddccdfd97b196e5edb5ce0241f1fbdf4c83783a835e84ecc2ac79203a8bf36
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8b69132f82582c0b167dfb598a7de119767d452f557154cfee8daa594a4b506
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC118271A01318AF8B10AFF59D56DDE77B8EF09700B0091AAA816F7290DE359A498B91
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to decode base64 string!), ref: 00EA8FD7
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA8FEF
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to decode base64 string!,?,00ECB144,00000000), ref: 00EA8FF9
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA9011
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorException@8LastThrow
                                                                                                                                                                                                                                                                      • String ID: Unable to decode base64 string!$_$_
                                                                                                                                                                                                                                                                      • API String ID: 1006195485-1897415626
                                                                                                                                                                                                                                                                      • Opcode ID: 9d60b29309878cc7b722dc76f1a756eae27f4db81d198ac01f0b69ca5d1621c4
                                                                                                                                                                                                                                                                      • Instruction ID: 1082488053a873a12219b81faf03558514eb2f5e826fdbf259315ed62ef55d54
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d60b29309878cc7b722dc76f1a756eae27f4db81d198ac01f0b69ca5d1621c4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B312971A40219AFDB20DF95DD46FAEB7B8FF09B14F104119B511BB2C0DBB56A04CB64
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00EA1115
                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 00EA111F
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000100), ref: 00EA1157
                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00EA115E
                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000060), ref: 00EA116D
                                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(?,\b86362a5.exe), ref: 00EA1187
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$AllocProcess$DirectorySystemlstrcpy
                                                                                                                                                                                                                                                                      • String ID: \b86362a5.exe
                                                                                                                                                                                                                                                                      • API String ID: 2190664303-3123522761
                                                                                                                                                                                                                                                                      • Opcode ID: cc9440a7911cdd964550671019ff1e6c4280332ed62b35916a9ec1a7b8b2a7f9
                                                                                                                                                                                                                                                                      • Instruction ID: 6e860ec7487f42c3e002bca4585adc20d35172dd8ac4693726b983e9e4d54986
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc9440a7911cdd964550671019ff1e6c4280332ed62b35916a9ec1a7b8b2a7f9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D11C176901712AFE3109FAADC45E9ABBACFF1C710F04402AF905A7650DB76E811C7E4
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,00EB90FB,00000001,00000001,8B000053), ref: 00EB8F04
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00EB8F3C
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00EB90FB,00000001,00000001,8B000053,4942A14B,?,?), ref: 00EB8F8A
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00EB9021
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,4942A14B,8B000053,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00EB9084
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EB9091
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8E23: HeapAlloc.KERNEL32(00000000,?,?,?,00EB2AA0,?,?,?,?,?,00EA7DDD,?,?), ref: 00EB8E55
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EB909A
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EB90BF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2597970681-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1ad4e07a547415b345d86132a4d46b30ae55f22d31387ee3d2c8f73e2b0f862e
                                                                                                                                                                                                                                                                      • Instruction ID: 1795a9bc0179908b0f4255b4b9c16db3001c7b33f047d193722bd8faa337494b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ad4e07a547415b345d86132a4d46b30ae55f22d31387ee3d2c8f73e2b0f862e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF51F172600216AFEB25AF78CC41EFB7BAAEB40754F145629FE04F6252EB35DC40C690
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00EBF652,00000000,00000000,00000000,00000000,00000000,00EB67BA), ref: 00EBEF1F
                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00EBEF9A
                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00EBEFB5
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00EBEFDB
                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,00000000,00EBF652,00000000,?,?,?,?,?,?,?,?,?,00EBF652,00000000), ref: 00EBEFFA
                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,00000001,00EBF652,00000000,?,?,?,?,?,?,?,?,?,00EBF652,00000000), ref: 00EBF033
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                      • Opcode ID: fe3e7b7b895772291dbb883c808a5df09d27b3b44443e3e6da56e91f49a862d9
                                                                                                                                                                                                                                                                      • Instruction ID: 31d2f92cde0eded283646e755fac900d5fba3c3cfcab7f6a6b10587ac403cceb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe3e7b7b895772291dbb883c808a5df09d27b3b44443e3e6da56e91f49a862d9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5751A071E01249AFCB10CFA8DC85AEEBBF8FF09310F14516AE951F72A2D6319945CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00EB1DAB
                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00EB1DB3
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00EB1E41
                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00EB1E6C
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00EB1EC1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: c2ffebd9a0e5fc4b97b1261d40e266d9d4c71c5eb2706139ca4c695daebd05c2
                                                                                                                                                                                                                                                                      • Instruction ID: 41351d8bfef7c2af8492d94e159eb129a899da73cf57a43bc3bfe7be06f28385
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2ffebd9a0e5fc4b97b1261d40e266d9d4c71c5eb2706139ca4c695daebd05c2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4041A434A002089BCF10DF68C8A5AEFBBB5BF44328F5491A9ED14BB391D731DA15CB91
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___from_strstr_to_strchr.LIBCMT ref: 00EAD90A
                                                                                                                                                                                                                                                                        • Part of subcall function 00EA7DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00EA7DD8
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EAD997
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB203A: RaiseException.KERNEL32(?,?,00EA8071,?,?,?,?,?,?,?,?,00EA8071,?,00ECB144,00000000), ref: 00EB209A
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EAD9B2
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise___from_strstr_to_strchr___std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: 0123456789ABCDEF$Unable to convert invalid hexadecimal character!$Unable to convert invalid hexadecimal string!
                                                                                                                                                                                                                                                                      • API String ID: 2723989866-230084144
                                                                                                                                                                                                                                                                      • Opcode ID: 5271abcbefa74cc602bca7389828e54ad58fc286198ce9f9ee535db481c74b5f
                                                                                                                                                                                                                                                                      • Instruction ID: c3e1bfd9d32ed92092fc8d976926dfe3698eb363e521eb6060d4b13ee8ea8a3d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5271abcbefa74cc602bca7389828e54ad58fc286198ce9f9ee535db481c74b5f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C741EFB0A046059FCB00DFA8CA51BEFBBE4EF49700F10505DE416BB680D775E904CBA0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EBB9C5: _free.LIBCMT ref: 00EBB9EE
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBA4F
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: HeapFree.KERNEL32(00000000,00000000,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?), ref: 00EB8DFF
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: GetLastError.KERNEL32(?,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?,?), ref: 00EB8E11
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBA5A
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBA65
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBAB9
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBAC4
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBACF
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBBADA
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                      • Opcode ID: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                                                                                                                      • Instruction ID: fd07ad3314c186181f3667f379dfacf38d58b6396fce697d13b69699744b5b17
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57113D75941B08BADA20BBB0DC47FCB77DCAF46700F406916B399B6192DBB5B5048790
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00EB2FF1,00EB2215), ref: 00EB3008
                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EB3016
                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EB302F
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00EB2FF1,00EB2215), ref: 00EB3081
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                      • Opcode ID: 2a2156ed40e6443f3648d1899ada5e272b6f5b0cadf19b98a45fa41ea0c1fa46
                                                                                                                                                                                                                                                                      • Instruction ID: ec693f3740a073b5fe8561aa1b09cdbe1862b9ac76bd9e70fc9abe6c6e21670b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a2156ed40e6443f3648d1899ada5e272b6f5b0cadf19b98a45fa41ea0c1fa46
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 060184322097116EA625367A7D87ADB2794DF017787241339FA10751F1EF964E069182
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00EB4E11,?,?,?,00EB52E9,4942A14B,00000000,?,00EAD904,0123456789ABCDEF,4942A14B,?,?,00000000), ref: 00EB8AA9
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8ADC
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8B04
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00EB52E9,4942A14B,00000000,?,00EAD904,0123456789ABCDEF,4942A14B,?,?,00000000,00EA8722), ref: 00EB8B11
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00EB52E9,4942A14B,00000000,?,00EAD904,0123456789ABCDEF,4942A14B,?,?,00000000,00EA8722), ref: 00EB8B1D
                                                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 00EB8B23
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                      • Opcode ID: 31e4dd7b31828a0a134ca6babd136b18018790252e320eb0b628a31fb4d847ab
                                                                                                                                                                                                                                                                      • Instruction ID: e4ba2df575ffb85e0cc94f087c67d4139820f36402fccd1f2a8bbdaddd4717bc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31e4dd7b31828a0a134ca6babd136b18018790252e320eb0b628a31fb4d847ab
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2F0F9361016006BC611733A6E0BFEF259D9BC1725F242136F914F2392DEA28802C150
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 00EA3BF5
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB059D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00EB05A9
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB059D: __CxxThrowException@8.LIBVCRUNTIME ref: 00EB05B7
                                                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 00EA3C05
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB05BD: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00EB05C9
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB05BD: __CxxThrowException@8.LIBVCRUNTIME ref: 00EB05D7
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB05BD: ___delayLoadHelper2@8.DELAYIMP ref: 00EB05EF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument$Helper2@8Load___delay
                                                                                                                                                                                                                                                                      • String ID: invalid string_view position$string too long$vector<T> too long
                                                                                                                                                                                                                                                                      • API String ID: 1134749845-2832074639
                                                                                                                                                                                                                                                                      • Opcode ID: 1a796bc8668e69c50ced3193adf5dbd13e3fe7878bf5b3f8296f76518f2bc4a7
                                                                                                                                                                                                                                                                      • Instruction ID: 09eab23a74ac459ba66d9f267fb74490d6be5fd3f5e57fe0ac1773393868a9c2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a796bc8668e69c50ced3193adf5dbd13e3fe7878bf5b3f8296f76518f2bc4a7
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5F027B11013084A462CE7309C07DEBB3C59D05334B60672AB835EA8D2DB21FF068622
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00ECEA40,?,?,00EA219F,00ECE97C), ref: 00EB0A8A
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00ECEA40,?,?,00EA219F,00ECE97C), ref: 00EB0ABD
                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(00000000,00EA219F,00ECE97C), ref: 00EB0B4B
                                                                                                                                                                                                                                                                      • ResetEvent.KERNEL32 ref: 00EB0B57
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      • API String ID: 3553466030-935976969
                                                                                                                                                                                                                                                                      • Opcode ID: 9ca59945d0cc4ea13ee6943ce826f51cdce6e764d0cc4a1d7a5f32630ac97a98
                                                                                                                                                                                                                                                                      • Instruction ID: 83baac857f941ed4add82f12cd63f430475255d19728a9ccc9bb20c9a7e0112d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ca59945d0cc4ea13ee6943ce826f51cdce6e764d0cc4a1d7a5f32630ac97a98
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB018F31601620DFCB059F27FC49EA937A9FB0A3113044479E806B3320CB73690ACB84
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00EB7C90,00000000,?,00EB7C30,00000000,00ECBA28,0000000C,00EB7D87,00000000,00000002), ref: 00EB7CFF
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EB7D12
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00EB7C90,00000000,?,00EB7C30,00000000,00ECBA28,0000000C,00EB7D87,00000000,00000002), ref: 00EB7D35
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                      • Opcode ID: da5ffe51aa62cea07d562650dfcffb010970d5d795522d482e8adda88198e8dc
                                                                                                                                                                                                                                                                      • Instruction ID: 6b0cfc4c06c282624364946480b1c6522bd89e3a9950b4f657e0488520d1424d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da5ffe51aa62cea07d562650dfcffb010970d5d795522d482e8adda88198e8dc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F04431600218BFCB159FA1DC49FEEBFB5EF44755F014168F805B6160DB725E86CA90
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00EAFC26
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00EAFC2D
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00EAFC4D
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00EAFC54
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                                      • API String ID: 3859560861-2144431980
                                                                                                                                                                                                                                                                      • Opcode ID: 99ecfecd8fb47523c98496f5620913254a6e2a5b34045cf0420c2f0b6ae33d0f
                                                                                                                                                                                                                                                                      • Instruction ID: d5947de0651f69f97c78b8d5eb95f69acd5f3c153dd8dd1eb3a85cf98c6f9f3d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99ecfecd8fb47523c98496f5620913254a6e2a5b34045cf0420c2f0b6ae33d0f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41514871E002199FCB10CFE5C885AEEBBB8EF09318F045168E815BB251D775AE06CBA0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                      • Opcode ID: 295cf9b57c8f711d5dd5a9509c2fd9505a83382988f76ad86950d8ffdb34f828
                                                                                                                                                                                                                                                                      • Instruction ID: e11a2407c387f145db76a8e948f7b46fa81240bcf9bc40aa9e57b4aef8c9e2f0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 295cf9b57c8f711d5dd5a9509c2fd9505a83382988f76ad86950d8ffdb34f828
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4541E136A002009FDB20DFB8C981AAFB7E9EF88714F1555A9E515FB391DA31ED01CB80
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(4942A14B,00000000,8B000053,00EAD904,00000000,00000000,?,?,?,4942A14B,00000001,00EAD904,8B000053,00000001,?,?), ref: 00EBA0CA
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00EBA102
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EBA153
                                                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00EBA165
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EBA16E
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8E23: HeapAlloc.KERNEL32(00000000,?,?,?,00EB2AA0,?,?,?,?,?,00EA7DDD,?,?), ref: 00EB8E55
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1857427562-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00EB5183,00EB8E66,?,?,00EB2AA0,?,?,?,?,?,00EA7DDD,?,?), ref: 00EB8B2E
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8B63
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8B8A
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?), ref: 00EB8B97
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?), ref: 00EB8BA0
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBB974
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: HeapFree.KERNEL32(00000000,00000000,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?), ref: 00EB8DFF
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: GetLastError.KERNEL32(?,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?,?), ref: 00EB8E11
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBB986
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBB998
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBB9AA
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EBB9BC
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB846E
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: HeapFree.KERNEL32(00000000,00000000,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?), ref: 00EB8DFF
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB8DE9: GetLastError.KERNEL32(?,?,00EBB9F3,?,00000000,?,00000000,?,00EBBA1A,?,00000007,?,?,00EBBD3F,?,?), ref: 00EB8E11
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8480
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB8493
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB84A4
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB84B5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Microstub.exe,00000104), ref: 00EB7549
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB7614
                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EB761E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                      • API String ID: 2506810119-3058288037
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 00EA8004
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(Unable to determine the operating system version!), ref: 00EA804E
                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA806C
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Unable to determine the operating system version!, xrefs: 00EA8049
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorException@8LastThrowVersion
                                                                                                                                                                                                                                                                      • String ID: Unable to determine the operating system version!
                                                                                                                                                                                                                                                                      • API String ID: 2663129220-661432720
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00ECEA40,?,?,?,00EA2139,00ECE974), ref: 00EB0AD5
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00ECEA40,?,?,00EA2139,00ECE974), ref: 00EB0B12
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-935976969
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB176C: GetLastError.KERNEL32 ref: 00EB177E
                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,00EA100A), ref: 00EB1713
                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00EA100A), ref: 00EB1722
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • ,N, xrefs: 00EB1703
                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00EB171D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                      • String ID: ,N$ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                      • API String ID: 389471666-4050817061
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00EA1206
                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00EA1214
                                                                                                                                                                                                                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,-00000002,?), ref: 00EA128F
                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,?), ref: 00EA12D5
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExtentObjectPoint32ReleaseSelectText
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4006923989-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ___BuildCatchObject.LIBVCRUNTIME ref: 00EB32CC
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB3219: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00EB3248
                                                                                                                                                                                                                                                                        • Part of subcall function 00EB3219: ___AdjustPointer.LIBCMT ref: 00EB3263
                                                                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 00EB32E1
                                                                                                                                                                                                                                                                      • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00EB32F2
                                                                                                                                                                                                                                                                      • CallCatchBlock.LIBVCRUNTIME ref: 00EB331A
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 737400349-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00EBB17B,?,00000000,00000000,00000000,?,00EBB378,00000006,FlsSetValue), ref: 00EBB206
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00EBB17B,?,00000000,00000000,00000000,?,00EBB378,00000006,FlsSetValue,00EC6E08,FlsSetValue,00000000,00000364,?,00EB8B77), ref: 00EBB212
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00EBB17B,?,00000000,00000000,00000000,?,00EBB378,00000006,FlsSetValue,00EC6E08,FlsSetValue,00000000), ref: 00EBB220
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • #17.COMCTL32 ref: 00EA3B84
                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00EA0000,000003E9,?,00000000), ref: 00EA3BA1
                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00EA0000,?,?,00000000), ref: 00EA3BBA
                                                                                                                                                                                                                                                                      • MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00EA3BCF
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: LoadString$Message
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2278601591-0
                                                                                                                                                                                                                                                                      • Opcode ID: 8536c1eea31a6ac5491993905fa0ad92dd49049d28bd51faa8685a2dddfebd05
                                                                                                                                                                                                                                                                      • Instruction ID: 65d05ef3125d9d8c1370fc645ac2b1dee23f5c751e31680a3850e90f8707810e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8536c1eea31a6ac5491993905fa0ad92dd49049d28bd51faa8685a2dddfebd05
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FF04435A40208BFDB00AFA5DC46FDDBB78EF08701F0080A5FA05B62D0CBB167498B95
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: _free
• String ID: P
• API String ID: 269201875-1343716551
• Opcode ID: dacbb90287cbb99229c67bf65e62a8e6b81748ab81828b4499f0044177736d72
• Instruction ID: 370c26c9683d0369d0f0345b69cce0024b48b9dbdd04a3dd136e3b3950a199f2
• Opcode Fuzzy Hash: dacbb90287cbb99229c67bf65e62a8e6b81748ab81828b4499f0044177736d72
• Instruction Fuzzy Hash: A6119371A122109EDB209B3AED45F9736D9A751724F1C2636F610FA3E2DB72CC4B8680
Uniqueness
Uniqueness Score: -1.00%

APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00EB0900
  • Part of subcall function 00EB0944: InitializeCriticalSectionAndSpinCount.KERNEL32(00ECEA40,00000FA0,4942A14B,?,?,?,?,00EC2624,000000FF), ref: 00EB0973
  • Part of subcall function 00EB0944: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00EC2624,000000FF), ref: 00EB097E
  • Part of subcall function 00EB0944: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00EC2624,000000FF), ref: 00EB098F
  • Part of subcall function 00EB0944: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00EB09A5
  • Part of subcall function 00EB0944: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00EB09B3
  • Part of subcall function 00EB0944: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00EB09C1
  • Part of subcall function 00EB0944: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00EB09EC
  • Part of subcall function 00EB0944: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00EB09F7
• ___scrt_fastfail.LIBCMT ref: 00EB0921
  • Part of subcall function 00EB0F59: __onexit.LIBCMT ref: 00EB0F5F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: h@
• API String ID: 66158676-3431553808
• Opcode ID: 3b338fb274773b7f3e82d44df80c411ac37d7c09ea88a4db0c9e43737957b7db
• Instruction ID: 82b294003b3d1957704ca4eda1ea6219d473e9df4b3dca62b2c8c4c46aaf8a89
• Opcode Fuzzy Hash: 3b338fb274773b7f3e82d44df80c411ac37d7c09ea88a4db0c9e43737957b7db
• Instruction Fuzzy Hash: B1C04C2635838526E45876B45837BDF02820BC1739F507855B34C794D78D60B4441015
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000008,00000004,?,?,?,00EAFCED,?,00000000,?,?,?,00000000), ref: 00EAF814
• HeapAlloc.KERNEL32(00000000,?,00EAFCED,?,00000000,?,?,?,00000000), ref: 00EAF81B
• GetProcessHeap.KERNEL32(00000000,?,00EAFCED,?,00000000,?,?,?,00000000), ref: 00EAF85A
• HeapFree.KERNEL32(00000000), ref: 00EAF861
Memory Dump Source
• Source File: 00000000.00000002.3219102010.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000000.00000002.3219049695.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219196626.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219251308.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3219308713.0000000000ED1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ea0000_Microstub.jbxd
Similarity
• API ID: Heap$Process$AllocFree
• String ID:
• API String ID: 756756679-0
• Opcode ID: 38da1ee890381f70e08b31f84397222f57412fd494a5966a6a47fa3b2e036295
• Instruction ID: a384fb00a1a8ba88ecfccd6ef81a810f0f56d9968f297b4cc145e614ee7d62b8
• Opcode Fuzzy Hash: 38da1ee890381f70e08b31f84397222f57412fd494a5966a6a47fa3b2e036295
• Instruction Fuzzy Hash: 29119DB6600511AFD7109F69DC06FA6B769FB44364F048625F929EB640C732F925CBD0
Uniqueness
Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 5.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 563
Total number of Limit Nodes: 22
2751->2752 2753 7ff764c196a8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2752->2753 2754 7ff764c196f6 _invalid_parameter_noinfo_noreturn 2753->2754 2754->2726 2790 7ff764b9ff80 2755->2790 3056 7ff764c1aa5c 2758->3056 2760 7ff764c1688a 2760->2735 2762 7ff764c1bd0a 2761->2762 2763 7ff764c1bd00 2761->2763 2762->2742 2767 7ff764c1beb4 2763->2767 2768 7ff764c1bec3 2767->2768 2770 7ff764c1bd05 2767->2770 2775 7ff764c272dc 2768->2775 2771 7ff764c270f0 2770->2771 2772 7ff764c2711b 2771->2772 2773 7ff764c270fe DeleteCriticalSection 2772->2773 2774 7ff764c2711f 2772->2774 2773->2772 2774->2762 2779 7ff764c27144 2775->2779 2780 7ff764c27188 __vcrt_InitializeCriticalSectionEx 2779->2780 2786 7ff764c2722e TlsFree 2779->2786 2781 7ff764c271b6 LoadLibraryExW 2780->2781 2782 7ff764c27275 GetProcAddress 2780->2782 2780->2786 2787 7ff764c271f9 LoadLibraryExW 2780->2787 2783 7ff764c271d7 GetLastError 2781->2783 2784 7ff764c27255 2781->2784 2782->2786 2783->2780 2784->2782 2785 7ff764c2726c FreeLibrary 2784->2785 2785->2782 2787->2780 2787->2784 2789 7ff764c1972b GetStartupInfoW 2788->2789 2789->2733 2801 7ff764c1aa90 2790->2801 2793 7ff764ba000d 2795 7ff764c1ab20 __std_exception_destroy 13 API calls 2793->2795 2797 7ff764ba001c 2795->2797 2811 7ff764c189f0 2797->2811 2798 7ff764c1aa90 __std_exception_copy 54 API calls 2798->2793 2802 7ff764c1aab1 2801->2802 2806 7ff764b9ffec 2801->2806 2803 7ff764c1aae6 2802->2803 2802->2806 2820 7ff764c3a398 2802->2820 2829 7ff764c289e0 2803->2829 2806->2793 2807 7ff764c1ab20 2806->2807 2808 7ff764b9ffff 2807->2808 2809 7ff764c1ab2f 2807->2809 2808->2798 2810 7ff764c289e0 __std_exception_destroy 13 API calls 2809->2810 2810->2808 2812 7ff764c189f9 2811->2812 2813 7ff764ba002c 2812->2813 2814 7ff764c19140 IsProcessorFeaturePresent 2812->2814 2813->2731 2815 7ff764c19158 2814->2815 3051 7ff764c19334 RtlCaptureContext 2815->3051 2821 7ff764c3a3af 2820->2821 2822 7ff764c3a3a5 2820->2822 2836 7ff764c2a5dc 2821->2836 2822->2821 
2827 7ff764c3a3ca 2822->2827 2824 7ff764c3a3b6 2839 7ff764c28930 2824->2839 2825 7ff764c3a3c2 2825->2803 2827->2825 2828 7ff764c2a5dc __std_exception_copy 11 API calls 2827->2828 2828->2824 2830 7ff764c42d04 2829->2830 2831 7ff764c42d09 RtlRestoreThreadPreferredUILanguages 2830->2831 2832 7ff764c42d3a 2830->2832 2831->2832 2833 7ff764c42d24 GetLastError 2831->2833 2832->2806 2834 7ff764c42d31 __free_lconv_num 2833->2834 2835 7ff764c2a5dc __std_exception_copy 11 API calls 2834->2835 2835->2832 2842 7ff764c42ab8 GetLastError 2836->2842 2838 7ff764c2a5e5 2838->2824 2900 7ff764c287c4 2839->2900 2843 7ff764c42af9 FlsSetValue 2842->2843 2846 7ff764c42adc 2842->2846 2844 7ff764c42b0b 2843->2844 2845 7ff764c42ae9 SetLastError 2843->2845 2859 7ff764c42ed0 2844->2859 2845->2838 2846->2843 2846->2845 2850 7ff764c42b38 FlsSetValue 2853 7ff764c42b56 2850->2853 2854 7ff764c42b44 FlsSetValue 2850->2854 2851 7ff764c42b28 FlsSetValue 2852 7ff764c42b31 2851->2852 2866 7ff764c42d04 2852->2866 2872 7ff764c426e4 2853->2872 2854->2852 2865 7ff764c42ee1 _invalid_parameter_noinfo 2859->2865 2860 7ff764c42f32 2863 7ff764c2a5dc __std_exception_copy 10 API calls 2860->2863 2861 7ff764c42f16 RtlAllocateHeap 2862 7ff764c42b1a 2861->2862 2861->2865 2862->2850 2862->2851 2863->2862 2865->2860 2865->2861 2877 7ff764c41e00 2865->2877 2867 7ff764c42d09 RtlRestoreThreadPreferredUILanguages 2866->2867 2868 7ff764c42d3a 2866->2868 2867->2868 2869 7ff764c42d24 GetLastError 2867->2869 2868->2845 2870 7ff764c42d31 __free_lconv_num 2869->2870 2871 7ff764c2a5dc __std_exception_copy 9 API calls 2870->2871 2871->2868 2886 7ff764c425bc 2872->2886 2880 7ff764c41e3c 2877->2880 2885 7ff764c41558 EnterCriticalSection 2880->2885 2882 7ff764c41e49 2883 7ff764c415b8 std::locale::_Setgloballocale LeaveCriticalSection 2882->2883 2884 7ff764c41e0e 2883->2884 2884->2865 2898 7ff764c41558 EnterCriticalSection 2886->2898 2901 7ff764c287ef 2900->2901 2908 7ff764c28860 2901->2908 2904 7ff764c28839 2905 7ff764c2884e 
2904->2905 2907 7ff764c28540 _invalid_parameter_noinfo 52 API calls 2904->2907 2905->2825 2907->2905 2927 7ff764c285a8 2908->2927 2913 7ff764c28816 2913->2904 2918 7ff764c28540 2913->2918 2919 7ff764c28593 2918->2919 2920 7ff764c28553 GetLastError 2918->2920 2919->2904 2921 7ff764c28563 2920->2921 2922 7ff764c42b80 _invalid_parameter_noinfo 16 API calls 2921->2922 2923 7ff764c2857e SetLastError 2922->2923 2923->2919 2924 7ff764c285a1 2923->2924 2965 7ff764c362a8 2924->2965 2928 7ff764c285ff 2927->2928 2929 7ff764c285c4 GetLastError 2927->2929 2928->2913 2933 7ff764c28614 2928->2933 2930 7ff764c285d4 2929->2930 2940 7ff764c42b80 2930->2940 2934 7ff764c28648 2933->2934 2935 7ff764c28630 GetLastError SetLastError 2933->2935 2934->2913 2936 7ff764c28980 IsProcessorFeaturePresent 2934->2936 2935->2934 2937 7ff764c28993 2936->2937 2957 7ff764c28660 2937->2957 2941 7ff764c42bba FlsSetValue 2940->2941 2942 7ff764c42b9f FlsGetValue 2940->2942 2944 7ff764c42bc7 2941->2944 2946 7ff764c285ef SetLastError 2941->2946 2943 7ff764c42bb4 2942->2943 2942->2946 2943->2941 2945 7ff764c42ed0 _invalid_parameter_noinfo 11 API calls 2944->2945 2947 7ff764c42bd6 2945->2947 2946->2928 2948 7ff764c42bf4 FlsSetValue 2947->2948 2949 7ff764c42be4 FlsSetValue 2947->2949 2951 7ff764c42c12 2948->2951 2952 7ff764c42c00 FlsSetValue 2948->2952 2950 7ff764c42bed 2949->2950 2953 7ff764c42d04 __free_lconv_num 11 API calls 2950->2953 2954 7ff764c426e4 _invalid_parameter_noinfo 11 API calls 2951->2954 2952->2950 2953->2946 2955 7ff764c42c1a 2954->2955 2956 7ff764c42d04 __free_lconv_num 11 API calls 2955->2956 2956->2946 2958 7ff764c2869a _invalid_parameter_noinfo_noreturn __scrt_get_show_window_mode 2957->2958 2959 7ff764c286c2 RtlCaptureContext RtlLookupFunctionEntry 2958->2959 2960 7ff764c286fc RtlVirtualUnwind 2959->2960 2961 7ff764c28732 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2959->2961 2960->2961 2962 7ff764c28784 _invalid_parameter_noinfo_noreturn 2961->2962 2963 
7ff764c189f0 _invalid_parameter_noinfo_noreturn 8 API calls 2962->2963 2964 7ff764c287a3 GetCurrentProcess TerminateProcess 2963->2964 2974 7ff764c476dc 2965->2974 2968 7ff764c362c0 2970 7ff764c362c9 IsProcessorFeaturePresent 2968->2970 2971 7ff764c362f3 std::locale::_Setgloballocale 2968->2971 2972 7ff764c362d8 2970->2972 2973 7ff764c28660 _invalid_parameter_noinfo_noreturn 14 API calls 2972->2973 2973->2971 3002 7ff764c47694 2974->3002 2977 7ff764c4772c 2978 7ff764c47754 2977->2978 2981 7ff764c47775 2977->2981 2979 7ff764c42ab8 __std_exception_copy 11 API calls 2978->2979 2978->2981 2984 7ff764c47768 2978->2984 2979->2984 2980 7ff764c4784c 2986 7ff764c47991 2980->2986 2992 7ff764c4787a 2980->2992 2995 7ff764c478bb 2980->2995 2981->2980 3007 7ff764c41558 EnterCriticalSection 2981->3007 2982 7ff764c477b2 2982->2968 2984->2981 2984->2982 2985 7ff764c477f2 2984->2985 2987 7ff764c2a5dc __std_exception_copy 11 API calls 2985->2987 2994 7ff764c4799e std::locale::_Setgloballocale 2986->2994 3050 7ff764c415b8 LeaveCriticalSection 2986->3050 2988 7ff764c477f7 2987->2988 2991 7ff764c28930 _invalid_parameter_noinfo 52 API calls 2988->2991 2991->2982 2992->2995 3008 7ff764c42940 GetLastError 2992->3008 2993 7ff764c4791a 3001 7ff764c42940 52 API calls std::locale::_Setgloballocale 2993->3001 2998 7ff764c42d04 __free_lconv_num 11 API calls 2994->2998 3000 7ff764c479d2 2994->3000 2995->2993 3049 7ff764c415b8 LeaveCriticalSection 2995->3049 2997 7ff764c478ab 2999 7ff764c42940 std::locale::_Setgloballocale 52 API calls 2997->2999 2998->3000 2999->2995 3000->2968 3001->2993 3003 7ff764c41558 std::locale::_Setgloballocale EnterCriticalSection 3002->3003 3004 7ff764c476ad 3003->3004 3005 7ff764c415b8 std::locale::_Setgloballocale LeaveCriticalSection 3004->3005 3006 7ff764c362b1 3005->3006 3006->2968 3006->2977 3009 7ff764c42981 FlsSetValue 3008->3009 3010 7ff764c42964 FlsGetValue 3008->3010 3011 7ff764c42971 3009->3011 3012 7ff764c42993 3009->3012 3010->3011 3013 7ff764c4297b 
3010->3013 3014 7ff764c429ed SetLastError 3011->3014 3015 7ff764c42ed0 _invalid_parameter_noinfo 11 API calls 3012->3015 3013->3009 3016 7ff764c429fa 3014->3016 3017 7ff764c42a0d 3014->3017 3018 7ff764c429a2 3015->3018 3016->2997 3019 7ff764c362a8 std::locale::_Setgloballocale 40 API calls 3017->3019 3020 7ff764c429c0 FlsSetValue 3018->3020 3021 7ff764c429b0 FlsSetValue 3018->3021 3022 7ff764c42a12 3019->3022 3024 7ff764c429de 3020->3024 3025 7ff764c429cc FlsSetValue 3020->3025 3023 7ff764c429b9 3021->3023 3026 7ff764c42a40 FlsSetValue 3022->3026 3027 7ff764c42a25 FlsGetValue 3022->3027 3028 7ff764c42d04 __free_lconv_num 11 API calls 3023->3028 3029 7ff764c426e4 _invalid_parameter_noinfo 11 API calls 3024->3029 3025->3023 3031 7ff764c42a4d 3026->3031 3047 7ff764c42a32 3026->3047 3030 7ff764c42a3a 3027->3030 3027->3047 3028->3011 3032 7ff764c429e6 3029->3032 3030->3026 3034 7ff764c42ed0 _invalid_parameter_noinfo 11 API calls 3031->3034 3035 7ff764c42d04 __free_lconv_num 11 API calls 3032->3035 3033 7ff764c362a8 std::locale::_Setgloballocale 40 API calls 3037 7ff764c42ab5 3033->3037 3038 7ff764c42a5c 3034->3038 3035->3014 3036 7ff764c42a38 3036->2997 3039 7ff764c42a7a FlsSetValue 3038->3039 3040 7ff764c42a6a FlsSetValue 3038->3040 3041 7ff764c42a98 3039->3041 3042 7ff764c42a86 FlsSetValue 3039->3042 3043 7ff764c42a73 3040->3043 3044 7ff764c426e4 _invalid_parameter_noinfo 11 API calls 3041->3044 3042->3043 3045 7ff764c42d04 __free_lconv_num 11 API calls 3043->3045 3046 7ff764c42aa0 3044->3046 3045->3047 3048 7ff764c42d04 __free_lconv_num 11 API calls 3046->3048 3047->3033 3047->3036 3048->3036 3052 7ff764c1934e RtlLookupFunctionEntry 3051->3052 3053 7ff764c1916b 3052->3053 3054 7ff764c19364 RtlVirtualUnwind 3052->3054 3055 7ff764c19100 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 3053->3055 3054->3052 3054->3053 3059 7ff764c1bd40 3056->3059 3065 7ff764c1bd5c 3059->3065 3062 7ff764c1aa65 3062->2760 3063 7ff764c362a8 
std::locale::_Setgloballocale 52 API calls 3064 7ff764c1bd58 3063->3064 3066 7ff764c1bd7b GetLastError 3065->3066 3067 7ff764c1bd49 3065->3067 3079 7ff764c27324 3066->3079 3067->3062 3067->3063 3080 7ff764c27144 __vcrt_InitializeCriticalSectionEx 5 API calls 3079->3080 3081 7ff764c2734b TlsGetValue 3080->3081 3423 7ff764c3c2f8 3424 7ff764c3c2fd 3423->3424 3427 7ff764c3c33e 3423->3427 3426 7ff764c3c347 3424->3426 3424->3427 3434 7ff764c359fc 3424->3434 3428 7ff764c28980 _invalid_parameter_noinfo_noreturn 17 API calls 3426->3428 3429 7ff764c3c35c 3428->3429 3430 7ff764c2a5dc __std_exception_copy 11 API calls 3429->3430 3431 7ff764c3c385 3430->3431 3432 7ff764c28930 _invalid_parameter_noinfo 52 API calls 3431->3432 3433 7ff764c3c390 3432->3433 3436 7ff764c35a0c 3434->3436 3437 7ff764c35a16 3434->3437 3435 7ff764c2a5dc __std_exception_copy 11 API calls 3438 7ff764c35a1e 3435->3438 3436->3437 3441 7ff764c35a4f 3436->3441 3437->3435 3439 7ff764c28930 _invalid_parameter_noinfo 52 API calls 3438->3439 3440 7ff764c35a2a 3439->3440 3440->3424 3441->3440 3442 7ff764c2a5dc __std_exception_copy 11 API calls 3441->3442 3442->3438 3083 7ff764bf93d0 3084 7ff764bf93e3 3083->3084 3085 7ff764bf9427 3083->3085 3093 7ff764c18f90 3084->3093 3088 7ff764c18f90 55 API calls 3089 7ff764bf93fb 3088->3089 3090 7ff764c18f90 55 API calls 3089->3090 3091 7ff764bf9407 3090->3091 3096 7ff764c09f00 3091->3096 3099 7ff764c18f54 3093->3099 3095 7ff764bf93ef 3095->3088 3114 7ff764c18a40 3096->3114 3098 7ff764c09f23 3098->3085 3100 7ff764c18f6e 3099->3100 3102 7ff764c18f67 3099->3102 3103 7ff764c42234 3100->3103 3102->3095 3106 7ff764c41e70 3103->3106 3113 7ff764c41558 EnterCriticalSection 3106->3113 3108 7ff764c41e8c 3109 7ff764c41ee8 55 API calls 3108->3109 3110 7ff764c41e95 3109->3110 3111 7ff764c415b8 std::locale::_Setgloballocale LeaveCriticalSection 3110->3111 3112 7ff764c41e9e 3111->3112 3112->3102 3115 7ff764c18a4b 3114->3115 3116 7ff764c18a64 3115->3116 3117 7ff764c41e00 
Concurrency::cancel_current_task 2 API calls 3115->3117 3118 7ff764c18a6a 3115->3118 3116->3098 3117->3115 3119 7ff764c18a75 3118->3119 3123 7ff764c15dd4 3118->3123 3133 7ff764b6c340 3119->3133 3122 7ff764c18a7b 3122->3098 3124 7ff764c15de2 Concurrency::cancel_current_task 3123->3124 3149 7ff764c1b9a0 3124->3149 3126 7ff764c15df3 Concurrency::cancel_current_task 3127 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3126->3127 3128 7ff764c15e13 3127->3128 3154 7ff764b86390 3128->3154 3131 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3132 7ff764c15e36 3131->3132 3134 7ff764b6c34e Concurrency::cancel_current_task 3133->3134 3135 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3134->3135 3136 7ff764b6c35f 3135->3136 3137 7ff764b6c39a 3136->3137 3138 7ff764b6c448 3136->3138 3139 7ff764b6c3a8 Concurrency::cancel_current_task 3137->3139 3141 7ff764b6c3d9 3137->3141 3142 7ff764b6c44d 3137->3142 3180 7ff764b6c110 3138->3180 3139->3122 3162 7ff764b6c180 3141->3162 3143 7ff764b6c340 Concurrency::cancel_current_task 56 API calls 3142->3143 3145 7ff764b6c453 3143->3145 3147 7ff764c1aa90 __std_exception_copy 54 API calls 3145->3147 3146 7ff764b6c3f0 Concurrency::cancel_current_task 3146->3122 3148 7ff764b6c496 3147->3148 3148->3122 3150 7ff764c1b9bf 3149->3150 3151 7ff764c1b9e8 RtlPcToFileHeader 3150->3151 3152 7ff764c1ba0a RaiseException 3150->3152 3153 7ff764c1ba00 3151->3153 3152->3126 3153->3152 3157 7ff764b86320 3154->3157 3158 7ff764c1aa90 __std_exception_copy 54 API calls 3157->3158 3159 7ff764b86370 3158->3159 3160 7ff764c189f0 _invalid_parameter_noinfo_noreturn 8 API calls 3159->3160 3161 7ff764b86380 3160->3161 3161->3131 3163 7ff764b6c197 3162->3163 3164 7ff764b6c1c1 3162->3164 3166 7ff764b6c1d6 3163->3166 3167 7ff764b6c1a0 3163->3167 3165 7ff764b6c1cf 3164->3165 3174 7ff764c41e00 Concurrency::cancel_current_task 2 API calls 3164->3174 3175 7ff764c18a6a 3164->3175 3165->3146 3168 7ff764b6c340 Concurrency::cancel_current_task 56 API 
calls 3166->3168 3169 7ff764c18a40 Concurrency::cancel_current_task 56 API calls 3167->3169 3170 7ff764b6c1a8 3168->3170 3169->3170 3171 7ff764b6c1b0 3170->3171 3190 7ff764c28950 3170->3190 3171->3146 3174->3164 3176 7ff764c18a75 3175->3176 3177 7ff764c15dd4 Concurrency::cancel_current_task 56 API calls 3175->3177 3178 7ff764b6c340 Concurrency::cancel_current_task 56 API calls 3176->3178 3177->3176 3179 7ff764c18a7b 3178->3179 3179->3146 3195 7ff764c15e38 3180->3195 3191 7ff764c287c4 _invalid_parameter_noinfo 52 API calls 3190->3191 3192 7ff764c28969 3191->3192 3193 7ff764c28980 _invalid_parameter_noinfo_noreturn 17 API calls 3192->3193 3194 7ff764c2897e 3193->3194 3200 7ff764c15ca8 3195->3200 3198 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3199 7ff764c15e5a 3198->3199 3201 7ff764c1aa90 __std_exception_copy 54 API calls 3200->3201 3202 7ff764c15cdc 3201->3202 3202->3198 3203 7ff764bf8f30 3204 7ff764bf8f44 3203->3204 3214 7ff764bf8fc6 3203->3214 3205 7ff764c18a40 Concurrency::cancel_current_task 56 API calls 3204->3205 3206 7ff764bf8f60 InitializeCriticalSection 3205->3206 3207 7ff764bf8fcb 3206->3207 3206->3214 3215 7ff764bc1a60 3207->3215 3209 7ff764bf8fd0 3220 7ff764b85a10 3209->3220 3211 7ff764bf8fd9 3212 7ff764b85a10 52 API calls 3211->3212 3213 7ff764bf8fe2 DeleteCriticalSection 3212->3213 3213->3214 3216 7ff764bc1ad2 3215->3216 3217 7ff764bc1a7c 3215->3217 3216->3209 3217->3216 3218 7ff764c28950 _invalid_parameter_noinfo_noreturn 52 API calls 3217->3218 3219 7ff764bc1af7 3218->3219 3221 7ff764b85a27 3220->3221 3222 7ff764b85a50 3220->3222 3221->3222 3223 7ff764c28950 _invalid_parameter_noinfo_noreturn 52 API calls 3221->3223 3222->3211 3224 7ff764b85a70 3223->3224 3224->3211 3443 7ff764c15e80 3448 7ff764b86200 3443->3448 3446 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3447 7ff764c15ea2 3446->3447 3449 7ff764b86320 Concurrency::cancel_current_task 54 API calls 3448->3449 3450 7ff764b86221 3449->3450 3450->3446 3455 7ff764b80c30 
3456 7ff764b80c6c 3455->3456 3460 7ff764b80c93 Concurrency::cancel_current_task 3455->3460 3457 7ff764b80c71 3456->3457 3456->3460 3458 7ff764c189f0 _invalid_parameter_noinfo_noreturn 8 API calls 3457->3458 3459 7ff764b80c8d 3458->3459 3461 7ff764c189f0 _invalid_parameter_noinfo_noreturn 8 API calls 3460->3461 3462 7ff764b80e32 3461->3462 3314 7ff764b72ff0 3315 7ff764b7300c 3314->3315 3333 7ff764b73187 3315->3333 3334 7ff764b85e50 3315->3334 3317 7ff764b85e50 56 API calls 3319 7ff764b73194 3317->3319 3333->3317 3339 7ff764b85dc0 3334->3339 3337 7ff764c1b9a0 Concurrency::cancel_current_task 2 API calls 3338 7ff764b85e79 3337->3338 3340 7ff764b86320 Concurrency::cancel_current_task 54 API calls 3339->3340 3341 7ff764b85de1 3340->3341 3341->3337

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
• Associated: 00000002.00000002.3222264349.00007FF764B60000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222448504.00007FF764CD6000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222474588.00007FF764CD8000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222499660.00007FF764CDB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222525708.00007FF764CE1000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff764b60000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressFeatureHandleModulePresentProcProcessor
• String ID: LdrEnumerateLoadedModules$asw::main::impl::at_exit_action_node::action_failed_exception::action_failed_exception: atexit action throws exception!$ntdll
• API String ID: 431857297-521359223
• Opcode ID: aacbe2e09ab61e7bf3a1c4424d4fece84d3753ebb67b5af4522973331a70d5e8
• Instruction ID: 1b38ed5a30ad42ed81bb421f3eaca35573aa7d7778f7d29a2ca56e8eb7826b85
• Opcode Fuzzy Hash: aacbe2e09ab61e7bf3a1c4424d4fece84d3753ebb67b5af4522973331a70d5e8
• Instruction Fuzzy Hash: 06314821E0D642C2FA16BF67E5D53B9A6A0EF45780FC4143AE64E07B92DE2CE454C730
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,?,?,00007FF764C415DD,?,?,?,?,00007FF764C16F7C,?,?,00000000,00007FF764C16C52), ref: 00007FF764C432EF
• GetProcAddressForCaller.KERNELBASE(?,?,?,?,00007FF764C415DD,?,?,?,?,00007FF764C16F7C,?,?,00000000,00007FF764C16C52), ref: 00007FF764C432FB
Strings
Memory Dump Source
• Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
• Associated: 00000002.00000002.3222264349.00007FF764B60000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222448504.00007FF764CD6000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222474588.00007FF764CD8000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222499660.00007FF764CDB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222525708.00007FF764CE1000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff764b60000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressCallerFreeLibraryProc
• String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3520295827-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 1bb1f6fd10978f9494233bd694644c29b5bd21b2dcf760df6914844e21578044
                                                                                                                                                                                                                                                                      • Instruction ID: ff69d77d6df740fe80f727d1e5cb32421fec27b91f10d5588e753b58194520ca
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bb1f6fd10978f9494233bd694644c29b5bd21b2dcf760df6914844e21578044
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F41E321B19A02D1FA25EF179984275A7A2BF85BD0F84413ADD0D47FA5DE3CE449C2A0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 73155330-0
                                                                                                                                                                                                                                                                      • Opcode ID: 73d0cdd554ce0639c0f0ae339e640236379a2c4b90e5c58d7a16717eb3d6f756
                                                                                                                                                                                                                                                                      • Instruction ID: ffb4dafd122a382dc3a93c4fa075ffbf6cc30a32606656e33784746b246dc98b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73d0cdd554ce0639c0f0ae339e640236379a2c4b90e5c58d7a16717eb3d6f756
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DF08212F5A607D6EC49BB53C4D633991A05F58760FD00B31E66E017C1DD2CE0A14720
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                                      • Opcode ID: a67e46d92cb31f8053bc142c68085f812b10490304d8009da09411092242ee12
                                                                                                                                                                                                                                                                      • Instruction ID: 2c52bab12ac2208aa73c6c178b1b036f2b396ac730652cb8f771faab81a5285b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a67e46d92cb31f8053bc142c68085f812b10490304d8009da09411092242ee12
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FE04610E0D107CAFC6A396704E95B580600F19770EA85B33D97E063C3AC1CB4928230
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 588628887-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4d141cb6d78fcbb603c26794ea48834d954c188b741aab7f933ce431baa19642
                                                                                                                                                                                                                                                                      • Instruction ID: 90f9819ee7a19b8d945ae371e59a571a40664dca1dd63a9598a8f40f042612ac
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d141cb6d78fcbb603c26794ea48834d954c188b741aab7f933ce431baa19642
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65E01250F19903C7FF187FF398E617695916F98794FC44436C90D92395ED6CA4488620
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF764C42B1A,?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42F25
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF764C4858D,?,?,00000000,00007FF764C42583,?,?,?,00007FF764C41F9F,?,?,?,00007FF764C41E95), ref: 00007FF764C42CE2
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
• Associated: 00000002.00000002.3222264349.00007FF764B60000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222448504.00007FF764CD6000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222474588.00007FF764CD8000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222499660.00007FF764CDB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222525708.00007FF764CE1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast$AllocateHeapLanguagesPreferredRestoreThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 356650666-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF764C273F6,?,?,?,00007FF764C270B0,?,?,?,00007FF764C1BCD9), ref: 00007FF764C271C9
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF764C273F6,?,?,?,00007FF764C270B0,?,?,?,00007FF764C1BCD9), ref: 00007FF764C271D7
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF764C273F6,?,?,?,00007FF764C270B0,?,?,?,00007FF764C1BCD9), ref: 00007FF764C27201
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF764C273F6,?,?,?,00007FF764C270B0,?,?,?,00007FF764C1BCD9), ref: 00007FF764C2726F
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF764C273F6,?,?,?,00007FF764C270B0,?,?,?,00007FF764C1BCD9), ref: 00007FF764C2727B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222264349.00007FF764B60000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222448504.00007FF764CD6000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222474588.00007FF764CD8000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222499660.00007FF764CDB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000002.00000002.3222525708.00007FF764CE1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff764b60000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42AC7
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42AFD
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42B2A
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42B3B
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42B4C
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF764C2A5E5,?,?,?,?,00007FF764C42D38), ref: 00007FF764C42B67
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF764C285EF,?,?,00000000,00007FF764C2888A,?,?,?,?,?,00007FF764C28816), ref: 00007FF764C42B9F
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C285EF,?,?,00000000,00007FF764C2888A,?,?,?,?,?,00007FF764C28816), ref: 00007FF764C42BBE
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C285EF,?,?,00000000,00007FF764C2888A,?,?,?,?,?,00007FF764C28816), ref: 00007FF764C42BE6
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C285EF,?,?,00000000,00007FF764C2888A,?,?,?,?,?,00007FF764C28816), ref: 00007FF764C42BF7
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF764C285EF,?,?,00000000,00007FF764C2888A,?,?,?,?,?,00007FF764C28816), ref: 00007FF764C42C08
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000002.00000002.3222290378.00007FF764B61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF764B60000, based on PE: true
• Associated: 00000002.00000002.3222264349.00007FF764B60000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222393925.00007FF764C71000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222448504.00007FF764CD6000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222474588.00007FF764CD8000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222499660.00007FF764CDB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3222525708.00007FF764CE1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff764b60000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                      • Opcode ID: c9063c4dd1417649366cd423927d5d9243819b6276b80175f08a9a49f8382992
                                                                                                                                                                                                                                                                      • Instruction ID: 2d274e8ddf47cd780bb1916ad956ac7322b41680730c294132f56beca38075b7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9063c4dd1417649366cd423927d5d9243819b6276b80175f08a9a49f8382992
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5D10732B08A81C9E710DF7AD6801AC7BB2F756798F504236CE5D57B99DE38D40AC750
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF764C40D3C), ref: 00007FF764C40EBF
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF764C40D3C), ref: 00007FF764C40F49
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                                                                                                      • Opcode ID: 79347fb655b989c6bb57e97efbd1ad6f3e5f071d965053a04ad86ce8cacafecc
                                                                                                                                                                                                                                                                      • Instruction ID: 0fa353b7b9c2c6549dc5b5865c70eeedabe7339c4fcf4fda4f75620506bac8b8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79347fb655b989c6bb57e97efbd1ad6f3e5f071d965053a04ad86ce8cacafecc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F91F162A18662C5FB50EF6B95C02BDABA2BB15798F844137DE4E53784CF38D449C330
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2960854011-0
                                                                                                                                                                                                                                                                      • Opcode ID: 10f1404b3afd8b5190e645c7e890de3ece6dae153b0084540be0dc18e04d15f3
                                                                                                                                                                                                                                                                      • Instruction ID: 6e17c5aa2cd911c1ef8934cab349f76c3b270d199316dc9b8f4eebdb0c33f1e2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10f1404b3afd8b5190e645c7e890de3ece6dae153b0084540be0dc18e04d15f3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0311C032A28B81C1EB01DF11E4804ACB368FB98794F955136EA8D03755DF39D995C760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                      • Opcode ID: 37956b51fd57173769aef578c833b91fe405d5b9b3b9bc1e601bb8fabd52e389
                                                                                                                                                                                                                                                                      • Instruction ID: 54902b4d9d17813a9228d229e98057ad7ac7cfb0a81a66fc43186ce1d7cdbc64
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37956b51fd57173769aef578c833b91fe405d5b9b3b9bc1e601bb8fabd52e389
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41114C26B14F02CAEB009F65E8952B873A4FB19758F841E32DA6D867A4DF38D158C350
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                      • Opcode ID: bb5268c81073c5105a572d194821c4e75217836fe8ff3e6b4f53fb515f9942a9
                                                                                                                                                                                                                                                                      • Instruction ID: 74e9b5d9019c9bbf78e44d0a13ef6ed3354b6912b4165403171df83b82f355b9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb5268c81073c5105a572d194821c4e75217836fe8ff3e6b4f53fb515f9942a9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3341A532718A45C2EB10EF26E4853AAB7A1FB98794F804132EE8D87794DF3CD445C754
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID: string too long
                                                                                                                                                                                                                                                                      • API String ID: 73155330-2556327735
                                                                                                                                                                                                                                                                      • Opcode ID: 192b27a38d90d8e947e26a359aa8d04af5f630b13a296c275eeed16e7611ddaf
                                                                                                                                                                                                                                                                      • Instruction ID: 37a8fb1e3a4bc137de245794464eb9b5551ed253293e439c5fbb6aeb0f9afd9c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 192b27a38d90d8e947e26a359aa8d04af5f630b13a296c275eeed16e7611ddaf
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91E06562E1A607D1EC04BF63D4D607AA1705F58760FD04B31E23D02BD2DD2CD4514720
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: 0506f2aae5e2a513790d4e88a6b28eb5b85344b13fa25f9f38fa0aa6a1773018
                                                                                                                                                                                                                                                                      • Instruction ID: d5a949eaee57d5fce467f6d14885c7697ff93f1ae4851ad11a389253d33ec384
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0506f2aae5e2a513790d4e88a6b28eb5b85344b13fa25f9f38fa0aa6a1773018
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA112E32618B8182EB219F16E490269B7F5FB88B94F584232DECC07759EF3CD551CB10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:9.3%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                      Signature Coverage:6%
                                                                                                                                                                                                                                                                      Total number of Nodes:1855
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:61
7ff72da5a739 SetErrorMode 29298->29307 29299 7ff72da5a6d5 RtlAddVectoredExceptionHandler 29299->29298 29303 7ff72da5a6ed 29299->29303 29310 7ff72da279d0 89 API calls 29301->29310 29957 7ff72da50e30 89 API calls DName::DName 29303->29957 29312 7ff72da36cc0 89 API calls 29304->29312 29305 7ff72da5a58a 29956 7ff72dbf1908 52 API calls 2 library calls 29305->29956 29314 7ff72dbdcd10 DName::DName 8 API calls 29306->29314 29307->29306 29308->29289 29309->29327 29310->29327 29312->29327 29321 7ff72da5a757 29314->29321 29315->29308 29316->29308 29317->29294 29322 7ff72da5a8b4 GetModuleHandleW 29317->29322 29318 7ff72dbdcd10 DName::DName 8 API calls 29325 7ff72da5aa46 29318->29325 29319 7ff72da279d0 89 API calls 29319->29326 29320 7ff72da5a5a2 29320->29293 29321->29049 29323 7ff72da5a8c7 GetModuleHandleW 29322->29323 29324 7ff72da5a8da 29322->29324 29323->29294 29323->29324 29324->29327 29325->29049 29326->29298 29326->29299 29327->29318 30049 7ff72da2dc20 29328->30049 29331 7ff72da27ab2 29332 7ff72dbdece0 __std_exception_destroy 13 API calls 29331->29332 29333 7ff72da27aad 29332->29333 29336 7ff72dbdcd10 DName::DName 8 API calls 29333->29336 29334 7ff72da27a7e 29335 7ff72dbdece0 __std_exception_destroy 13 API calls 29334->29335 29335->29333 29337 7ff72da27af3 29336->29337 29337->29091 29339 7ff72da2aef0 89 API calls 29338->29339 29340 7ff72da4cf02 29339->29340 29341 7ff72dbdece0 __std_exception_destroy 13 API calls 29340->29341 29342 7ff72da4cf3d 29341->29342 29343 7ff72da529f0 89 API calls 29342->29343 29344 7ff72da4cf49 29343->29344 29345 7ff72da4cf91 29344->29345 29347 7ff72da2aef0 89 API calls 29344->29347 29346 7ff72da2aef0 89 API calls 29345->29346 29348 7ff72da4cfa5 29346->29348 29349 7ff72da4cf61 29347->29349 29351 7ff72dbdece0 __std_exception_destroy 13 API calls 29348->29351 29350 7ff72dbdece0 __std_exception_destroy 13 API calls 29349->29350 29350->29345 29352 7ff72da4cfd5 29351->29352 29353 7ff72da529f0 89 API calls 29352->29353 29354 7ff72da4cfe1 29353->29354 
29355 7ff72da4ccaa 29354->29355 29356 7ff72da2aef0 89 API calls 29354->29356 29355->29077 29357 7ff72da4cff9 29356->29357 29358 7ff72dbdece0 __std_exception_destroy 13 API calls 29357->29358 29358->29355 29360 7ff72da5267d 29359->29360 29361 7ff72da4c57e 29359->29361 29360->29361 29362 7ff72da526a9 RegCloseKey 29360->29362 29364 7ff72da52910 29361->29364 29362->29361 29363 7ff72da526b3 SetLastError 29362->29363 29363->29361 29365 7ff72da52929 29364->29365 29366 7ff72da52949 29364->29366 29365->29364 29365->29366 29367 7ff72dbf2130 _invalid_parameter_noinfo_noreturn 52 API calls 29365->29367 29366->29115 29367->29365 30112 7ff72da24e90 29368->30112 29372 7ff72da4c692 29378 7ff72da50690 29372->29378 29373 7ff72da505c3 29373->29372 30121 7ff72da24d60 57 API calls std::_Throw_Cpp_error 29373->30121 29375 7ff72da50675 29376 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29375->29376 29377 7ff72da50686 29376->29377 29379 7ff72dbdce80 std::_Facet_Register 56 API calls 29378->29379 29380 7ff72da5070d 29379->29380 29381 7ff72dbdaaf0 64 API calls 29380->29381 29382 7ff72da4c6e1 29381->29382 29382->29062 29382->29120 29384 7ff72da32107 29383->29384 29393 7ff72da32131 29383->29393 29385 7ff72da32110 29384->29385 29386 7ff72da32146 29384->29386 29388 7ff72dbdce80 std::_Facet_Register 56 API calls 29385->29388 30167 7ff72da237d0 56 API calls 3 library calls 29386->30167 29389 7ff72da32118 29388->29389 29390 7ff72da32120 29389->29390 29391 7ff72dbf2130 _invalid_parameter_noinfo_noreturn 52 API calls 29389->29391 29390->29124 29401 7ff72da32151 29391->29401 29392 7ff72da3213f 29392->29124 29393->29392 29394 7ff72dc00a38 std::_Facet_Register 2 API calls 29393->29394 29396 7ff72dbdceaa 29393->29396 29394->29393 29395 7ff72da321aa 29395->29124 29400 7ff72dbdceb5 29396->29400 30168 7ff72dbda850 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 29396->30168 29399 7ff72da2de60 56 API calls std::_Throw_Cpp_error 29399->29401 30169 7ff72da237d0 56 API calls 3 
library calls 29400->30169 29401->29395 29401->29399 29402 7ff72dbdcebb 29402->29124 29404 7ff72da51294 29403->29404 29406 7ff72da5131c 29404->29406 30170 7ff72da2c440 56 API calls 29404->30170 29405 7ff72da513ee 29405->29128 29406->29405 30171 7ff72da24d60 57 API calls std::_Throw_Cpp_error 29406->30171 29409 7ff72da51464 29410 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29409->29410 29411 7ff72da51475 29410->29411 29413 7ff72da2c6ee 29412->29413 30172 7ff72da23890 56 API calls std::_Throw_Cpp_error 29413->30172 29418->29128 29420 7ff72dbdce06 29419->29420 29421 7ff72dbdce0b ReleaseSRWLockExclusive 29420->29421 29423 7ff72dbdce10 SleepConditionVariableSRW 29420->29423 29423->29420 29424->29139 29426->29139 30173 7ff72da50490 29427->30173 29429 7ff72da4ce0e 29429->29129 29432 7ff72da2db92 29430->29432 29435 7ff72da2db3c 29430->29435 29431 7ff72da2db61 29431->29432 29434 7ff72dbf2130 _invalid_parameter_noinfo_noreturn 52 API calls 29431->29434 29432->29138 29433 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 29433->29435 29436 7ff72da2dbb7 29434->29436 29435->29431 29435->29433 29438 7ff72da279d0 89 API calls 29437->29438 29439 7ff72da36cfd 29438->29439 29440 7ff72dbdcd10 DName::DName 8 API calls 29439->29440 29441 7ff72da36d93 29440->29441 29441->29091 29442->29091 29444 7ff72dbdcd19 29443->29444 29445 7ff72da4cd85 29444->29445 29446 7ff72dbdd320 IsProcessorFeaturePresent 29444->29446 29447 7ff72dbdd338 29446->29447 30178 7ff72dbdd514 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 29447->30178 29449 7ff72dbdd34b 30179 7ff72dbdd2ec SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 29449->30179 29454->29088 29463 7ff72da2e3f0 29455->29463 29459 7ff72da2af0e 29459->29145 29460 7ff72da2d9b5 29460->29459 29508 7ff72da237b0 55 API calls 29460->29508 29464 7ff72da2e431 29463->29464 29491 7ff72da2e58e 29463->29491 29478 7ff72da2e542 29464->29478 29509 7ff72da27380 29464->29509 29466 7ff72da2e59f 29470 
7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29466->29470 29468 7ff72dbdcd10 DName::DName 8 API calls 29469 7ff72da2d9ad 29468->29469 29493 7ff72db7d250 29469->29493 29472 7ff72da2e5af 29470->29472 29473 7ff72da2e461 29524 7ff72da2ecc0 29473->29524 29474 7ff72da2e4ff 29475 7ff72da2e4f1 29474->29475 29476 7ff72da2e504 WaitForSingleObject 29474->29476 29475->29478 29482 7ff72da2e527 CloseHandle 29475->29482 29476->29475 29478->29468 29480 7ff72da2e56e 29553 7ff72db8d690 54 API calls 29480->29553 29481 7ff72da2e49e 29527 7ff72dbdce80 29481->29527 29485 7ff72dbdcd30 29482->29485 29485->29478 29486 7ff72da2e4b3 29536 7ff72db7db00 72 API calls 29486->29536 29487 7ff72da2e57e 29554 7ff72dbdf810 29487->29554 29490 7ff72da2e4e2 29537 7ff72db7d160 29490->29537 29559 7ff72db8d690 54 API calls 29491->29559 29494 7ff72db7d266 29493->29494 29504 7ff72db7d2b0 29493->29504 29496 7ff72db7d27d 29494->29496 29507 7ff72db7d294 29494->29507 29606 7ff72da237b0 55 API calls 29494->29606 29496->29460 29497 7ff72db7d2bb 29499 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29497->29499 29501 7ff72db7d2cc 29499->29501 29500 7ff72db7d29f 29502 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29500->29502 29609 7ff72dbdec50 29501->29609 29502->29504 29608 7ff72db7d470 54 API calls 29504->29608 29607 7ff72db7d430 54 API calls 29507->29607 29560 7ff72db7d090 29509->29560 29511 7ff72da273c1 29512 7ff72da273f3 29511->29512 29513 7ff72da273dc CloseHandle 29511->29513 29515 7ff72da2742b 29512->29515 29516 7ff72da27415 29512->29516 29514 7ff72dbdcd30 29513->29514 29514->29512 29519 7ff72dbdce80 std::_Facet_Register 56 API calls 29515->29519 29517 7ff72da27427 29516->29517 29518 7ff72da2741c LeaveCriticalSection 29516->29518 29521 7ff72dbdcd10 DName::DName 8 API calls 29517->29521 29518->29517 29520 7ff72da27435 CreateEventW 29519->29520 29520->29517 29522 7ff72da2746a LeaveCriticalSection 29520->29522 29523 7ff72da27484 29521->29523 29522->29517 29523->29473 
29523->29474 29572 7ff72da2ed90 29524->29572 29529 7ff72dbdce8b 29527->29529 29528 7ff72dbdcea4 29528->29486 29529->29528 29531 7ff72dbdceaa 29529->29531 29594 7ff72dc00a38 29529->29594 29532 7ff72dbdceb5 29531->29532 29597 7ff72dbda850 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 29531->29597 29598 7ff72da237d0 56 API calls 3 library calls 29532->29598 29535 7ff72dbdcebb 29535->29486 29536->29490 29538 7ff72db7d090 75 API calls 29537->29538 29539 7ff72db7d19d 29538->29539 29540 7ff72db7d220 29539->29540 29542 7ff72db7d1b0 SetEvent 29539->29542 29605 7ff72db8d690 54 API calls 29540->29605 29544 7ff72db7d1cc 29542->29544 29545 7ff72db7d1e8 29542->29545 29543 7ff72db7d231 29549 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29543->29549 29544->29545 29546 7ff72db7d1d1 FindCloseChangeNotification 29544->29546 29547 7ff72db7d1fa LeaveCriticalSection 29545->29547 29548 7ff72db7d205 29545->29548 29546->29545 29547->29548 29550 7ff72dbdcd10 DName::DName 8 API calls 29548->29550 29551 7ff72db7d242 29549->29551 29552 7ff72db7d212 29550->29552 29552->29475 29553->29487 29555 7ff72dbdf82f 29554->29555 29556 7ff72dbdf858 RtlPcToFileHeader 29555->29556 29557 7ff72dbdf87a RaiseException 29555->29557 29558 7ff72dbdf870 29556->29558 29557->29491 29558->29557 29559->29466 29561 7ff72db7d13d EnterCriticalSection 29560->29561 29562 7ff72db7d0b9 29560->29562 29561->29511 29563 7ff72dbdce80 std::_Facet_Register 56 API calls 29562->29563 29564 7ff72db7d0c6 InitializeCriticalSection 29563->29564 29565 7ff72db7d0e7 DeleteCriticalSection 29564->29565 29566 7ff72db7d0ff 29564->29566 29570 7ff72db7d0fd 29565->29570 29567 7ff72dbdce80 std::_Facet_Register 56 API calls 29566->29567 29568 7ff72db7d109 29567->29568 29571 7ff72db7db00 72 API calls 29568->29571 29570->29561 29571->29570 29573 7ff72dbdce80 std::_Facet_Register 56 API calls 29572->29573 29574 7ff72da2ed9e 29573->29574 29577 7ff72da2eef0 29574->29577 29578 7ff72da2ef4b 29577->29578 29580 7ff72da2e48a 
29578->29580 29581 7ff72da2f230 29578->29581 29580->29480 29580->29481 29582 7ff72da2f26e 29581->29582 29589 7ff72db7b450 29582->29589 29586 7ff72da2f33c 29587 7ff72dbdcd10 DName::DName 8 API calls 29586->29587 29588 7ff72da2f3c4 29587->29588 29588->29580 29593 7ff72db7b4f0 59 API calls 3 library calls 29589->29593 29591 7ff72da2f287 29592 7ff72dbdf5f0 RtlPcToFileHeader RtlPcToFileHeader RaiseException Concurrency::cancel_current_task FindMITargetTypeInstance 29591->29592 29592->29586 29593->29591 29599 7ff72dc00a74 29594->29599 29598->29535 29604 7ff72dc00258 EnterCriticalSection 29599->29604 29605->29543 29607->29500 29608->29497 29610 7ff72dbdec71 29609->29610 29614 7ff72db7d30b 29609->29614 29613 7ff72dbdeca6 29610->29613 29610->29614 29615 7ff72dbf1908 52 API calls 2 library calls 29610->29615 29616 7ff72dbf19f0 13 API calls 2 library calls 29613->29616 29614->29460 29615->29613 29616->29614 29617->29147 29618->29161 29619->29163 29620->29169 29626 7ff72dbf1f98 52 API calls _invalid_parameter_noinfo 29621->29626 29623 7ff72dbf2149 29627 7ff72dbf2160 17 API calls _invalid_parameter_noinfo_noreturn 29623->29627 29626->29623 29629->29212 29630->29222 29632->29231 29635 7ff72db8784c 29634->29635 29636 7ff72db8772b 29634->29636 29735 7ff72db872b0 111 API calls 29635->29735 29638 7ff72db877c0 29636->29638 29639 7ff72da5beb0 56 API calls 29636->29639 29641 7ff72db843a0 57 API calls 29638->29641 29640 7ff72db87749 RegOpenKeyExW 29639->29640 29643 7ff72db8779e 29640->29643 29642 7ff72db87821 29641->29642 29644 7ff72dbdcd10 DName::DName 8 API calls 29642->29644 29645 7ff72da52910 52 API calls 29643->29645 29646 7ff72db849d5 29644->29646 29645->29638 29648 7ff72db86300 RegQueryValueExW 29646->29648 29649 7ff72db863a9 29648->29649 29650 7ff72db86401 29648->29650 29755 7ff72da33e00 29649->29755 29653 7ff72db843a0 57 API calls 29650->29653 29656 7ff72db86438 29650->29656 29652 7ff72db863da 29654 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 29652->29654 29653->29656 29657 
7ff72db8657f 29654->29657 29655 7ff72db864d4 RegQueryValueExW 29655->29656 29659 7ff72db8651d 29655->29659 29656->29652 29656->29655 29662 7ff72db865ac 29656->29662 29763 7ff72da32370 56 API calls 4 library calls 29656->29763 29660 7ff72dbdcd10 DName::DName 8 API calls 29657->29660 29663 7ff72db843a0 57 API calls 29659->29663 29661 7ff72db86591 29660->29661 29661->29236 29736 7ff72da3c140 56 API calls 29662->29736 29663->29652 29665 7ff72db865e2 29666 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29665->29666 29667 7ff72db865ff RegQueryValueExW 29666->29667 29668 7ff72db866da 29667->29668 29669 7ff72db866a0 29667->29669 29672 7ff72db843a0 57 API calls 29668->29672 29675 7ff72db86711 shared_ptr 29668->29675 29737 7ff72dad3c80 29669->29737 29671 7ff72db866b8 29765 7ff72dad0940 115 API calls 4 library calls 29671->29765 29672->29675 29674 7ff72db86781 RegQueryValueExW 29674->29675 29678 7ff72db867bc 29674->29678 29675->29671 29675->29674 29682 7ff72db8684c 29675->29682 29764 7ff72db87170 56 API calls 5 library calls 29675->29764 29676 7ff72db8681f 29677 7ff72dbdcd10 DName::DName 8 API calls 29676->29677 29681 7ff72db86831 29677->29681 29679 7ff72db843a0 57 API calls 29678->29679 29679->29671 29681->29236 29766 7ff72da3c140 56 API calls 29682->29766 29684 7ff72db86882 29685 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29684->29685 29686 7ff72db8689f RegQueryValueExW 29685->29686 29687 7ff72db8693a 29686->29687 29688 7ff72db86971 29686->29688 29767 7ff72da92c30 56 API calls 2 library calls 29687->29767 29691 7ff72db843a0 57 API calls 29688->29691 29694 7ff72db869a8 shared_ptr 29688->29694 29690 7ff72db8694f 29769 7ff72da2dbc0 29690->29769 29691->29694 29693 7ff72db86a15 RegQueryValueExW 29693->29694 29696 7ff72db86a50 29693->29696 29694->29690 29694->29693 29698 7ff72db86add 29694->29698 29768 7ff72da3c410 56 API calls 4 library calls 29694->29768 29695 7ff72db86ab3 29697 7ff72dbdcd10 DName::DName 8 API calls 29695->29697 29699 7ff72db843a0 57 
API calls 29696->29699 29701 7ff72db86ac2 29697->29701 29774 7ff72da3c140 56 API calls 29698->29774 29699->29690 29701->29236 29703 7ff72db86b13 29704 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29703->29704 29705 7ff72db86b30 29704->29705 29707 7ff72da320f0 std::_Throw_Cpp_error 56 API calls 29705->29707 29709 7ff72db86bb0 29705->29709 29707->29709 29708 7ff72db86c42 29775 7ff72da237d0 56 API calls 3 library calls 29709->29775 29710->29251 29711->29241 29712->29253 29713->29263 29715 7ff72db843e7 29714->29715 29716 7ff72db843c2 29714->29716 29715->29269 29781 7ff72db83fb0 29716->29781 29718 7ff72db84447 29797 7ff72db875f0 29718->29797 29720 7ff72db84478 29803 7ff72db874d0 56 API calls 2 library calls 29720->29803 29723 7ff72db84416 29802 7ff72db87400 56 API calls 2 library calls 29723->29802 29724 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29724->29720 29725 7ff72db843cf 29725->29718 29725->29720 29725->29723 29728 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29725->29728 29726 7ff72db84499 29729 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29726->29729 29728->29723 29731 7ff72db844a9 29729->29731 29730 7ff72db84437 29732 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29730->29732 29733 7ff72dbdec50 __std_exception_copy 54 API calls 29731->29733 29732->29718 29734 7ff72db844eb 29733->29734 29734->29269 29736->29665 29738 7ff72dad3ce4 29737->29738 29754 7ff72dad3e16 29737->29754 29739 7ff72dad3d12 29738->29739 29740 7ff72dad3eeb 29738->29740 29747 7ff72dad3e4a _Yarn 29738->29747 29741 7ff72dad3d32 29739->29741 29743 7ff72dad3ef0 29739->29743 29777 7ff72da38c90 56 API calls std::_Throw_Cpp_error 29740->29777 29744 7ff72da320f0 std::_Throw_Cpp_error 56 API calls 29741->29744 29778 7ff72da237d0 56 API calls 3 library calls 29743->29778 29752 7ff72dad3d4b _Yarn 29744->29752 29746 7ff72dbf2130 _invalid_parameter_noinfo_noreturn 52 API calls 29748 7ff72dad3efc 29746->29748 29747->29671 29776 7ff72dad4d30 
56 API calls 29748->29776 29752->29746 29752->29754 29754->29671 29756 7ff72da33f2d 29755->29756 29757 7ff72da33e2b 29755->29757 29780 7ff72da2ece0 56 API calls _invalid_parameter_noinfo_noreturn 29756->29780 29762 7ff72da33e46 _Yarn 29757->29762 29779 7ff72da38100 56 API calls 4 library calls 29757->29779 29761 7ff72da33f22 29761->29652 29762->29652 29763->29655 29764->29675 29765->29676 29766->29684 29767->29690 29768->29694 29770 7ff72da2dbd7 29769->29770 29771 7ff72da2dbfc 29769->29771 29770->29771 29772 7ff72dbf2130 _invalid_parameter_noinfo_noreturn 52 API calls 29770->29772 29771->29695 29773 7ff72da2dc1c 29772->29773 29774->29703 29775->29708 29778->29752 29779->29761 29782 7ff72db84010 29781->29782 29782->29782 29783 7ff72da283a0 std::_Throw_Cpp_error 57 API calls 29782->29783 29787 7ff72db84022 29783->29787 29784 7ff72db84245 29785 7ff72db842e7 29784->29785 29786 7ff72da2c5b0 56 API calls 29784->29786 29785->29725 29788 7ff72db84270 _Yarn 29786->29788 29787->29784 29804 7ff72da2c5b0 29787->29804 29790 7ff72da2e0f0 56 API calls 29788->29790 29791 7ff72db842dd 29790->29791 29792 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 29791->29792 29792->29785 29793 7ff72db84179 _Yarn 29794 7ff72da2e0f0 56 API calls 29793->29794 29795 7ff72db8423b 29794->29795 29796 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 29795->29796 29796->29784 29798 7ff72da2c5b0 56 API calls 29797->29798 29799 7ff72db8762b _Yarn 29798->29799 29800 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 29799->29800 29801 7ff72db84468 29800->29801 29801->29724 29802->29730 29803->29726 29805 7ff72da2c5f8 29804->29805 29806 7ff72da2c6a3 29804->29806 29809 7ff72da2c62e 29805->29809 29810 7ff72da2c69e 29805->29810 29813 7ff72da2c606 29805->29813 29815 7ff72da23890 56 API calls std::_Throw_Cpp_error 29806->29815 29811 7ff72da320f0 std::_Throw_Cpp_error 56 API calls 29809->29811 29814 7ff72da237d0 56 API calls 3 library calls 29810->29814 29811->29813 29813->29793 29814->29806 29817 7ff72db8bf70 73 
API calls 29816->29817 29818 7ff72da607ab EnterCriticalSection GetProcessHeap 29817->29818 29819 7ff72dbded70 29818->29819 29820 7ff72da607e7 GetProcessHeap 29819->29820 29825 7ff72da6080e 29820->29825 29843 7ff72da60873 29820->29843 29821 7ff72da60889 HeapAlloc 29822 7ff72da60891 29821->29822 29823 7ff72da608a3 GetProcessHeap 29822->29823 29824 7ff72da609a2 Concurrency::cancel_current_task 29822->29824 29958 7ff72da38cb0 29823->29958 29830 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29824->29830 29828 7ff72da60846 HeapAlloc 29825->29828 29829 7ff72da609bb Concurrency::cancel_current_task 29825->29829 29834 7ff72da6084e 29825->29834 29825->29843 29828->29834 29831 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29829->29831 29830->29829 29833 7ff72da609d5 Concurrency::cancel_current_task 29831->29833 29844 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29833->29844 29834->29833 29965 7ff72dbf1908 52 API calls 2 library calls 29834->29965 29843->29821 29843->29822 29846 7ff72da609ef 29844->29846 29896 7ff72da5aa9c 29895->29896 29897 7ff72da5ab61 SetUnhandledExceptionFilter 29895->29897 29900 7ff72da279d0 89 API calls 29896->29900 29898 7ff72da5abec 29897->29898 29899 7ff72da5ab7c GetModuleHandleW GetProcAddress 29897->29899 30041 7ff72da5b740 29898->30041 29899->29898 29901 7ff72da5aba1 VirtualProtect 29899->29901 29903 7ff72da5aadf 29900->29903 29901->29898 29904 7ff72da5abc2 VirtualProtect 29901->29904 29905 7ff72dbdcd10 DName::DName 8 API calls 29903->29905 29904->29898 29906 7ff72da5a602 29905->29906 29906->29319 29906->29326 29908 7ff72db8c13f 29907->29908 29909 7ff72db8bfa9 29907->29909 29911 7ff72dbdcd10 DName::DName 8 API calls 29908->29911 29910 7ff72db8bfe0 GetModuleHandleW GetClassInfoExW 29909->29910 29912 7ff72db8c001 GetLastError Sleep 29910->29912 29933 7ff72db8c128 29910->29933 29913 7ff72da5a514 EnterCriticalSection 29911->29913 29912->29910 29914 7ff72db8c01b 29912->29914 29913->29283 29915 7ff72db8c027 
GetProcessHeap 29914->29915 29918 7ff72db8c193 29914->29918 29916 7ff72db8c042 HeapAlloc 29915->29916 29917 7ff72db8c04a 29915->29917 29916->29917 29920 7ff72db8c05c InitializeCriticalSection GetProcessHeap GetProcessHeap RegisterClassExW 29917->29920 29923 7ff72db8c1b9 Concurrency::cancel_current_task 29917->29923 30047 7ff72db793b0 57 API calls std::_Throw_Cpp_error 29918->30047 29922 7ff72db8c123 29920->29922 29927 7ff72db8c0aa 29920->29927 29921 7ff72db8c1a8 29925 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29921->29925 29924 7ff72db8bf70 57 API calls 29922->29924 29930 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29923->29930 29924->29933 29925->29923 29926 7ff72db8c0e0 DeleteCriticalSection GetProcessHeap 29931 7ff72db8c105 HeapFree 29926->29931 29932 7ff72db8c10d 29926->29932 29927->29926 29928 7ff72db8c0d2 29927->29928 29929 7ff72db8c0ca HeapFree 29927->29929 29928->29926 29929->29928 29934 7ff72db8c1d5 29930->29934 29935 7ff72db8c116 GetLastError 29931->29935 29932->29935 29933->29908 30048 7ff72dbda870 56 API calls Concurrency::cancel_current_task 29934->30048 29935->29922 29936 7ff72db8c168 GetLastError 29935->29936 29937 7ff72db8c175 29936->29937 30046 7ff72db793b0 57 API calls std::_Throw_Cpp_error 29937->30046 29941 7ff72db8c182 29942 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29941->29942 29942->29918 29944 7ff72db8bf70 73 API calls 29943->29944 29947 7ff72da32be9 29944->29947 29945 7ff72db8bf70 73 API calls 29946 7ff72da32c66 29945->29946 29948 7ff72da32c6b 29946->29948 29952 7ff72da32c7f Concurrency::cancel_current_task 29946->29952 29947->29945 29949 7ff72db8bf70 73 API calls 29948->29949 29951 7ff72da32c70 29949->29951 29950 7ff72da32cb6 29950->29291 29951->29291 29952->29950 29953 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 29952->29953 29954 7ff72da32ce0 29953->29954 29955->29305 29956->29320 29957->29298 29959 7ff72da32bd0 73 API calls 29958->29959 29960 7ff72da38d08 GetProcessHeap 
29959->29960 29961 7ff72da38d57 29960->29961 29962 7ff72db8bf70 73 API calls 29961->29962 29963 7ff72da38d64 GetProcessHeap 29962->29963 29966 7ff72da36070 60 API calls 3 library calls 29963->29966 29965->29843 30042 7ff72da279d0 89 API calls 30041->30042 30043 7ff72da5b77a 30042->30043 30044 7ff72dbdcd10 DName::DName 8 API calls 30043->30044 30045 7ff72da5b806 30044->30045 30045->29903 30046->29941 30047->29921 30057 7ff72da2e230 30049->30057 30052 7ff72db7d250 57 API calls 30054 7ff72da2dc55 30052->30054 30053 7ff72da27a2b 30053->29331 30053->29334 30054->30053 30087 7ff72da237b0 55 API calls 30054->30087 30058 7ff72da2e271 30057->30058 30084 7ff72da2e3ce 30057->30084 30060 7ff72da2e382 30058->30060 30061 7ff72da27380 79 API calls 30058->30061 30062 7ff72dbdcd10 DName::DName 8 API calls 30060->30062 30064 7ff72da2e295 30061->30064 30065 7ff72da2dc4d 30062->30065 30063 7ff72da2e3df 30066 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 30063->30066 30067 7ff72da2e2a1 30064->30067 30068 7ff72da2e33f 30064->30068 30065->30052 30069 7ff72da2e3ef 30066->30069 30088 7ff72da2ebd0 30067->30088 30071 7ff72da2e344 WaitForSingleObject 30068->30071 30086 7ff72da2e331 30068->30086 30071->30086 30073 7ff72da2e367 CloseHandle 30076 7ff72dbdcd30 30073->30076 30074 7ff72da2e3ae 30092 7ff72db8d690 54 API calls 30074->30092 30075 7ff72da2e2de 30077 7ff72dbdce80 std::_Facet_Register 56 API calls 30075->30077 30076->30060 30079 7ff72da2e2f3 30077->30079 30091 7ff72db7db00 72 API calls 30079->30091 30080 7ff72da2e3be 30082 7ff72dbdf810 Concurrency::cancel_current_task 2 API calls 30080->30082 30082->30084 30083 7ff72da2e322 30085 7ff72db7d160 78 API calls 30083->30085 30093 7ff72db8d690 54 API calls 30084->30093 30085->30086 30086->30060 30086->30073 30094 7ff72da2ed60 30088->30094 30091->30083 30092->30080 30093->30063 30095 7ff72dbdce80 std::_Facet_Register 56 API calls 30094->30095 30096 7ff72da2ed6e 30095->30096 30099 7ff72da2edc0 30096->30099 30100 7ff72da2ee14 
30099->30100 30102 7ff72da2e2ca 30100->30102 30103 7ff72da2f030 30100->30103 30102->30074 30102->30075 30104 7ff72da2f06e 30103->30104 30105 7ff72db7b450 59 API calls 30104->30105 30106 7ff72da2f087 30105->30106 30111 7ff72dbdf5f0 RtlPcToFileHeader RtlPcToFileHeader RaiseException Concurrency::cancel_current_task FindMITargetTypeInstance 30106->30111 30108 7ff72da2f13c 30109 7ff72dbdcd10 DName::DName 8 API calls 30108->30109 30110 7ff72da2f1c4 30109->30110 30110->30102 30111->30108 30113 7ff72dbdce80 std::_Facet_Register 56 API calls 30112->30113 30114 7ff72da24ed7 30113->30114 30122 7ff72dbdaaf0 30114->30122 30117 7ff72da507f0 30118 7ff72da5081d 30117->30118 30145 7ff72da358f0 30118->30145 30121->29375 30133 7ff72dbda5b0 30122->30133 30124 7ff72dbdab12 30132 7ff72dbdab56 _Yarn 30124->30132 30141 7ff72dbdacec 56 API calls std::_Facet_Register 30124->30141 30127 7ff72dbdab2a 30142 7ff72dbdad1c 53 API calls std::locale::_Setgloballocale 30127->30142 30128 7ff72da24ee7 30128->30117 30130 7ff72dbdab35 30130->30132 30143 7ff72dbf19f0 13 API calls 2 library calls 30130->30143 30132->30132 30137 7ff72dbda630 30132->30137 30134 7ff72dbda5bf 30133->30134 30136 7ff72dbda5c4 30133->30136 30144 7ff72dc002d4 6 API calls std::_Locinfo::_Locinfo_ctor 30134->30144 30136->30124 30138 7ff72dbda63b LeaveCriticalSection 30137->30138 30140 7ff72dbda644 30137->30140 30140->30128 30141->30127 30142->30130 30143->30132 30146 7ff72dbda5b0 std::_Lockit::_Lockit 6 API calls 30145->30146 30147 7ff72da35924 30146->30147 30148 7ff72dbda5b0 std::_Lockit::_Lockit 6 API calls 30147->30148 30150 7ff72da35972 30147->30150 30149 7ff72da35947 30148->30149 30152 7ff72dbda630 std::_Lockit::~_Lockit LeaveCriticalSection 30149->30152 30151 7ff72da3598e 30150->30151 30164 7ff72da24660 93 API calls 7 library calls 30150->30164 30153 7ff72dbda630 std::_Lockit::~_Lockit LeaveCriticalSection 30151->30153 30152->30150 30154 7ff72da359d9 30153->30154 30156 7ff72dbdcd10 DName::DName 8 API calls 30154->30156 30158 
7ff72db7e40b 31449->31452 31455 7ff72da2de60 std::_Throw_Cpp_error 56 API calls 31450->31455 31453 7ff72db7e41c 31451->31453 31454 7ff72db7e420 SetLastError 31451->31454 31452->31451 31453->31437 31453->31454 31454->31371 31455->31445 31456->31364 31457->31379 31458->31389 31465 7ff72dc2e6e0 31459->31465 31462 7ff72dbdcd10 DName::DName 8 API calls 31463 7ff72da525ac 31462->31463 31463->31406 31463->31407 31466 7ff72da52539 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 31465->31466 31466->31462 31468 7ff72db8a774 31467->31468 31474 7ff72db8a7b4 31467->31474 31469 7ff72dbdcdf0 3 API calls 31468->31469 31470 7ff72db8a780 31469->31470 31470->31474 31479 7ff72db88920 31470->31479 31475 7ff72db8ab49 LeaveCriticalSection 31474->31475 31476 7ff72dbdcd10 DName::DName 8 API calls 31475->31476 31477 7ff72db8acc7 31476->31477 31477->31421 31478->31421 31503 7ff72db8b190 31479->31503 31481 7ff72db8895a GetSystemTimeAsFileTime 31483 7ff72db8899c 31481->31483 31482 7ff72db88bc4 GetCurrentProcessId 31485 7ff72db88c01 31482->31485 31483->31482 31484 7ff72db88cfe GetCurrentThreadId 31487 7ff72db88d3b 31484->31487 31485->31484 31486 7ff72db88e38 GlobalMemoryStatusEx 31488 7ff72db89360 GetDiskFreeSpaceExW 31486->31488 31499 7ff72db88e7e 31486->31499 31487->31486 31489 7ff72db895d2 GetSystemTimes 31488->31489 31491 7ff72db8937a 31488->31491 31490 7ff72db89d68 QueryPerformanceCounter 31489->31490 31501 7ff72db895f5 31489->31501 31492 7ff72db89d7d 31490->31492 31491->31489 31493 7ff72db8a25d CryptAcquireContextW 31492->31493 31494 7ff72db8a289 CryptGenRandom 31493->31494 31496 7ff72db8a525 31493->31496 31495 7ff72db8a516 CryptReleaseContext 31494->31495 31500 7ff72db8a2b1 31494->31500 31495->31496 31497 7ff72dbdcd10 DName::DName 8 API calls 31496->31497 31498 7ff72db8a709 31497->31498 31502 7ff72dbdcd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 31498->31502 31499->31488 31500->31495 31501->31490 31503->31481 31507 
7ff72da3c512 shared_ptr 31504->31507 31505 7ff72dbdcd10 DName::DName 8 API calls 31506 7ff72da3c5a4 31505->31506 31506->31445 31507->31505
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: CriticalSection$Leave$CountEnterProcessThread$HandleTick$CloseConditionCurrentMask$CallInfoInformationOpenPowerPriorityTimes$ClassExceptionMemoryRaiseVerifyVersion__std_exception_destroy
• String ID: 0398$0398$FA7D$FA7D$Handle count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {} !$deadlock suspected$excessive handle count$excessive memory usage$excessive thread count$high CPU usage$suspected GUI thread hang$uwm
• API String ID: 2554263370-1543258672
• Opcode ID: c58ac09a72532f8bdaed50a0bb90ce4a168a0b0eaedd7a50c29ac4a88c695b82
• Instruction ID: a1957f01a47673b6548345608112b77fd01d4d0ff8ee19634a99be9b7bae90f3
• Opcode Fuzzy Hash: c58ac09a72532f8bdaed50a0bb90ce4a168a0b0eaedd7a50c29ac4a88c695b82
• Instruction Fuzzy Hash: 40A2BF72A08B858AEB60DF25DC44BADB7B1FB44B88F804135DA4D47794EF38D985CB60
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: Time$File$System$CriticalHeapProcessSection__std_exception_destroy$AttributesCommandCurrentEnterInformationLeaveLineMappedName_invalid_parameter_noinfo_noreturn
• String ID: ,$C1C3$EBBE$END: Avast installer/updater, return code {}$Logs$START: Avast installer/updater$\Logs\Clear.log$\Logs\Setup.log$\Logs\Update.log$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni$clear$config.def$debug$sfx$sfxstorage$B8$eB$7
• API String ID: 1096773629-272021793
• Opcode ID: 32ef386f8bae1a276c9d685d9a5e4823b9353d9cfcda63f9c793a793ca8adeaf
• Instruction ID: 4bbe1bfa5ae31cec4be7a2ab65e48ab0e9b73b028fb6f8f31bb06a9a6490650e
• Opcode Fuzzy Hash: 32ef386f8bae1a276c9d685d9a5e4823b9353d9cfcda63f9c793a793ca8adeaf
• Instruction Fuzzy Hash: 43A27062A18BC58AEB20EF35CC446ECA370FB54B48F904136DA4D5BA59FF38D685C760
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$HandleModuleProcess$CriticalSection$AddressAllocEnterProc$CurrentErrorExceptionFreeHandlerLeaveModeQueryRevertSelfThreadVectoredVirtual
                                                                                                                                                                                                                                                                      • String ID: 75B0$75B0$Already running$CtrlRoutine$FB06$FB06$Failed to install global crashhandler.$Failed to install vectored handler.$Warning: Relocated kernel32 detected.$Warning: STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING exception was dispatched.$Warning: STATUS_THREADPOOL_HANDLE_EXCEPTION exception was dispatched.$asw::crashguard::ProcessWatcher::Singleton::v1$combase.dll$kernel32.dll$ole32.dll
                                                                                                                                                                                                                                                                      • API String ID: 3202747469-419070947
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Thread$ConditionCurrentMaskOpen$CountInfoMessagePeekPriorityProcessTickTimesToken$ClassControlDeviceErrorHandleImpersonateLastModuleObjectSelfSingleSystemVerifyVersionWait
                                                                                                                                                                                                                                                                      • String ID: 0398$Detected a hang in GUI thread through IsHungAppWindow+SendMessageCallback. Attempting to dump process...$FA7D$H$Process monitoring installed.$SeDebugPrivilege$h$suspected GUI thread hang$verifier.dll
                                                                                                                                                                                                                                                                      • API String ID: 2528360860-2006111672
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$Token$CloseCurrentOpenProcessThread$AllocateChangeCheckDuplicateFindHandleInitializeMembershipNotification
                                                                                                                                                                                                                                                                      • String ID: AllocateAndInitializeSid$Unable to check token membership!$Unable to duplicate the access token!$Unable to open current thread token!$Unable to open default process token!
                                                                                                                                                                                                                                                                      • API String ID: 261792156-3273639489
                                                                                                                                                                                                                                                                      • Opcode ID: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                      • Instruction ID: c0974feb01298b3e6e3307c196fdeccb610ffdb6e7d23deab9fc848cbad1895d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B915032E0CB4689EB10AB65EC642ADB374FB84744F904136DA4D57A68EF3CE585CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressErrorLastProc$HandleModule
                                                                                                                                                                                                                                                                      • String ID: GetProcAddress ({})$LdrLockLoaderLock$LdrUnlockLoaderLock$RtlDllShutdownInProgress$RtlGetCurrentPeb$RtlIsCriticalSectionLockedByThread$Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 3725234143-558923929
                                                                                                                                                                                                                                                                      • Opcode ID: ec167d4a54710c186022324ce92b077e2a5dcf20ff2373bbbba3e451e9f146d0
                                                                                                                                                                                                                                                                      • Instruction ID: d626d8609374449f62605bea2d194f17aa623ffda49badd06f3a55b4d1df7ae7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec167d4a54710c186022324ce92b077e2a5dcf20ff2373bbbba3e451e9f146d0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4810E21E0CA0699FB10ABA4EC653E8A3B1FB44748F904436C94D566A4FF7CD58ACB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy$BindingString$ComposeConcurrency::cancel_current_taskFreeFrom
                                                                                                                                                                                                                                                                      • String ID: $"$1412$AvDumper$CA55$CrashGuardProcessWatcherExclusions$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avdef://config/Common/DumpFirstChance$avdef://config/Common/FullDumpFraction$ncalrpc$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                      • API String ID: 2873485521-3410722514
                                                                                                                                                                                                                                                                      • Opcode ID: 182d8a6c2709efdc38903cd7bf524e6fcca530c7c0cb17694f06d41347b75442
                                                                                                                                                                                                                                                                      • Instruction ID: ccfb1d07b05668dce7b5af947963448f5667d897a630debbcba096b4894648a3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 182d8a6c2709efdc38903cd7bf524e6fcca530c7c0cb17694f06d41347b75442
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28425F32A0DBC585E630EB15E8847EAB3A0FBD5740F805236D68D52A66FF3CD585CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                                                      • String ID: >$Cannot query registry data due to '{}' value changed too often$Cannot query registry value data$Cannot query registry value size$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                                                      • API String ID: 3660427363-930554611
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB88966
                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB88BC4
                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00007FF72DB88CFE
                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB88E70
                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB8936C
                                                                                                                                                                                                                                                                      • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB895E7
                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB89D6F
                                                                                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32 ref: 00007FF72DB8A27B
                                                                                                                                                                                                                                                                      • CryptGenRandom.ADVAPI32 ref: 00007FF72DB8A2A3
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32 ref: 00007FF72DB8A51F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                                                                                                                      • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                                                                                                                      • API String ID: 1216455848-3036034798
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$ErrorLast$Create$MultipleQueryValueValues
                                                                                                                                                                                                                                                                      • String ID: Cannot query multiple values$Cannot write key value
                                                                                                                                                                                                                                                                      • API String ID: 2503903376-4258123943
                                                                                                                                                                                                                                                                      • Opcode ID: 9e872e9a32b9ada36572d3f0896caf45d6ad7661b1d37d032ae09402ea208051
                                                                                                                                                                                                                                                                      • Instruction ID: 3062b14bef59faa20ae2b2591428f5fab21a6c6194d2f83fa2ecf5b10bf946db
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e872e9a32b9ada36572d3f0896caf45d6ad7661b1d37d032ae09402ea208051
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44C18E32B08B8199E710EF65E8546ADB3B5FB48788F848139EE4D57B48EF38D195C720
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CurrentProcessProtectVirtual$AddressCacheCall3CheckClientDebuggerFlushHandleInstructionModulePresentProcRemote
                                                                                                                                                                                                                                                                      • String ID: IsDebuggerPresent$kernel32.dll
                                                                                                                                                                                                                                                                      • API String ID: 2663660448-2078679533
                                                                                                                                                                                                                                                                      • Opcode ID: c61f7fc85614437339c1394cabb13ace727d1573d15ffa12084c6dd197be2368
                                                                                                                                                                                                                                                                      • Instruction ID: 9aafd7fb5d06bdf10860d90d2351510325bc31a98962410f435565a74d107a88
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c61f7fc85614437339c1394cabb13ace727d1573d15ffa12084c6dd197be2368
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA419331A0CA4286E750AF69EC54B79F7A0FB84B90F945135DA8D466D8EF3CD8458F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseEnvironmentErrorExpandLastQueryStringsValue$ExceptionFileHeaderOpenRaise__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: Cannot query registry value type$String environment expansion failed$String environment expansion failed due to unexpected buffer size
                                                                                                                                                                                                                                                                      • API String ID: 3007891444-362477642
                                                                                                                                                                                                                                                                      • Opcode ID: 38a2c76dda014e19b81b80e49fc0598903d85d1206579363d05439280b1d446d
                                                                                                                                                                                                                                                                      • Instruction ID: c5522879d25c586fac0b26ad1f13430e80bb40151192f2a8bad0f92513b0835b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38a2c76dda014e19b81b80e49fc0598903d85d1206579363d05439280b1d446d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FCB1B632A1CA8196E710EF34E8506EDB3A1FB84748F809135EA4D87A59FF38E555CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Cpp_errorThrow_std::_$AddressCurrentEventHandleModuleProcThread
                                                                                                                                                                                                                                                                      • String ID: Already running$IsRunningInsideAvastService
                                                                                                                                                                                                                                                                      • API String ID: 2652625034-28184766
                                                                                                                                                                                                                                                                      • Opcode ID: 25c7878f43036e984ad698b3cb5f75667699438b3e75626be9b3c5cd750bfcae
                                                                                                                                                                                                                                                                      • Instruction ID: 637f273e43855cb6175d27282ba76ef48c7163990839b2afbe65d7a05580f084
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25c7878f43036e984ad698b3cb5f75667699438b3e75626be9b3c5cd750bfcae
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A181623291C68186E710AF25E855ABAF3B0FF98744F944135E68D42695FF3CE984CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ProtectVirtual$AddressExceptionFilterHandleModuleProcUnhandled__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: 75B0$Call to InstallGlobalHandler while being already installed.$FB06$Kernel32.dll$SetUnhandledExceptionFilter
                                                                                                                                                                                                                                                                      • API String ID: 2217734308-513095205
                                                                                                                                                                                                                                                                      • Opcode ID: 409e28d40152ebefb25df6493918e91e1d73a76e17b1b05625fa02ddcfb971a4
                                                                                                                                                                                                                                                                      • Instruction ID: 9558005f0428ac15fff5a707003ba290a9e288d2e585067735b652deda4997cf
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 409e28d40152ebefb25df6493918e91e1d73a76e17b1b05625fa02ddcfb971a4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF515E32A0DB419DEB50EF25D8807A8B3B1FB49B48F945035EA0D47758EF38E985CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DB7F614), ref: 00007FF72DB729CB
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DB7F614), ref: 00007FF72DB729DB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCD90
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCDD0
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 00007FF72DB72A18
                                                                                                                                                                                                                                                                      • NtQueryInformationProcess.NTDLL ref: 00007FF72DB72A3D
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA28681), ref: 00007FF72DBDCE00
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireProcess$AddressCurrentHandleInformationModuleProcQueryRelease
                                                                                                                                                                                                                                                                      • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 259813251-2906145389
                                                                                                                                                                                                                                                                      • Opcode ID: 52a757f25958bbf5585d22884fa26293c422a4561e71b2b7db7bceb74124d3e7
                                                                                                                                                                                                                                                                      • Instruction ID: 562708c82e2b391eeb02c940415b85d8a3aba78fcc48b67077f14f09fa36c1f6
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52a757f25958bbf5585d22884fa26293c422a4561e71b2b7db7bceb74124d3e7
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99214C62E0CA4296FA50AB15EC615B9B3A0FF94784FC45136D64E43365FF2CE5458F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB72980: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DB7F614), ref: 00007FF72DB729CB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB72980: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DB7F614), ref: 00007FF72DB729DB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB72980: GetCurrentProcess.KERNEL32 ref: 00007FF72DB72A18
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB72980: NtQueryInformationProcess.NTDLL ref: 00007FF72DB72A3D
                                                                                                                                                                                                                                                                      • InitializeProcThreadAttributeList.KERNEL32 ref: 00007FF72DA4B6D1
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ProcProcess$AddressAttributeCurrentHandleInformationInitializeListModuleQueryThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 140588192-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                      • Instruction ID: 61cf726a91f6c40f747eb6fe420baef518ae82a5e5b4165b249b4c1cd7b28b03
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EFA19F32A19B8196E708DF31D9447ADB3B4FB58784F408625DB8C23A65EF38E1B1C710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 00007FF72DB8A752
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA28681), ref: 00007FF72DBDCE00
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB88920: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF72DB8A793), ref: 00007FF72DB88966
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCD90
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCDD0
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DB8ACAF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 516957425-0
                                                                                                                                                                                                                                                                      • Opcode ID: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                      • Instruction ID: d28608b5169761e32da6e9ffeaaba5d58929b0a1ef88ca847abd41b770c45386
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49026072A1CA829BE7049B68EC5016EF7A0FB95344F84013AE689C7795EFACD515CF30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$CriticalInstupLocalSection$AllocCurrentFreeLeaveProcess$CleanupCloseCommandConnectedCreateEnterErrorFileHandleInitInternetLastLineState__std_exception_destroy_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: '$($C1C3$Cannot initialize Instup, return code {}$EBBE$Error in Instup cleanup, return code {}$Error returned by Instup, return code {}$M$X$avast! Self-Defense trust was not acquired. Code {}$avast! Self-Defense trust was successfully acquired.$ctx$n
                                                                                                                                                                                                                                                                      • API String ID: 2420363499-3323102445
                                                                                                                                                                                                                                                                      • Opcode ID: 08cffa8f4a65383ebd3527cb44e3a878c046fc1aa150b7267461225ee8722205
                                                                                                                                                                                                                                                                      • Instruction ID: b66c128b2e05a708c8381671d4ca6850fbdb31c7989885eef53c8e6d71158e22
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08cffa8f4a65383ebd3527cb44e3a878c046fc1aa150b7267461225ee8722205
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F16F31E0DA428AE740AB69EC44AB9B3B0FB45B44F944535DA0D53698FF3CE9458F70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressProc$CallerCreateCriticalDirectoryEntryErrorFunctionHandleInitializeLastLibraryLoadLookupModuleSectionSystemUuid
                                                                                                                                                                                                                                                                      • String ID: 1412$6$:$CA55$MiniDumpWriteDump$MiniDumpWriteDump initialization failed, error code {}$RaiseException$dbghelp.dll$kernelbase.dll
                                                                                                                                                                                                                                                                      • API String ID: 3088041607-92576876
                                                                                                                                                                                                                                                                      • Opcode ID: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                      • Instruction ID: ce05c81e6fae0ffbb2f8d1443c9acfcc12fe0f9e8d377259e5029922874ddfab
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58A1AC32E18B8596E704EB38D8407ACB370FB94744F409225DB8D63A65EF3CE5A5CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$Token$CurrentInformationOpenProcessThread$CloseHandle
                                                                                                                                                                                                                                                                      • String ID: Unable to open current thread token!$Unable to open default process token!$Unable to retrieve the size of user SID!$Unable to retrieve the user SID!
                                                                                                                                                                                                                                                                      • API String ID: 1997037448-745207089
                                                                                                                                                                                                                                                                      • Opcode ID: 10bb3bb01a4548750a569175906749bcbae5a52a15f9e9a32a1d1df18112fce2
                                                                                                                                                                                                                                                                      • Instruction ID: b31a2bd9f8fade2d8146b4b2f38b03f0ae9a84c19d6c290beae38c532a3887df
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10bb3bb01a4548750a569175906749bcbae5a52a15f9e9a32a1d1df18112fce2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22713332A1DB8686EA20AB55EC642EEE364FB84780FD04036DA4D43659EF3CD546CF70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FilePathRemoveSpec__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: "$1412$?$CA55$CrashGuard initialized successfully, external debugger attached$CrashGuard initialized successfully, only internal dumping available$CrashGuardProcessWatcherExclusions$D$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avcfg://settings/CrashGuard/FullDumpFraction$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                      • API String ID: 962821443-372037041
                                                                                                                                                                                                                                                                      • Opcode ID: db2f76fab1b81b25abf5d97a14f28dab540134e5640aa78196508083f20dce97
                                                                                                                                                                                                                                                                      • Instruction ID: ca7474753d42a6fbc311281877cdc5d1e4fb5b8d7507b9c949148dd8283a0a6d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db2f76fab1b81b25abf5d97a14f28dab540134e5640aa78196508083f20dce97
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CD15D3290DB8685EA60EB15E844BEAA370FB85740F904136D68D53669FF3CD985CF70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DirectoryErrorLast$FolderPathSystemWindows
                                                                                                                                                                                                                                                                      • String ID: 3$3$@$AppData$Common AppData$Local AppData$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Unable to retrieve a path of the known folder ({})!
                                                                                                                                                                                                                                                                      • API String ID: 1744653567-820728636
                                                                                                                                                                                                                                                                      • Opcode ID: ac73e84b318c57ecfe3ab08d481064085c017ebdd4b014b688cb8fe173049d87
                                                                                                                                                                                                                                                                      • Instruction ID: d37e44794cca44095e982767a53d84b3d4911bf6ff2e90d9315f918e783b7bc3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac73e84b318c57ecfe3ab08d481064085c017ebdd4b014b688cb8fe173049d87
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CE14C3291CBC695E660EB14E8507EAF364FB84340F905136E68D82A99EF7CD685CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseErrorLast$Time$FileSystem
                                                                                                                                                                                                                                                                      • String ID: CrashGuardUms$GlobalFlag$StackTraceDatabaseSizeInMB
                                                                                                                                                                                                                                                                      • API String ID: 108130482-4061403250
                                                                                                                                                                                                                                                                      • Opcode ID: 3a32929874c5ba049d89a2086614b6ae8c61e36d9859c7f9eeadf05f019417fd
                                                                                                                                                                                                                                                                      • Instruction ID: dd1b9ebb2309a6db27267b0cfb2e11186a4c0fd89e92f253652d42917068a322
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a32929874c5ba049d89a2086614b6ae8c61e36d9859c7f9eeadf05f019417fd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68F1846291CBC189EB609F24DC907E9B3B4F785748F805135EB8D47A98EF38D645CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastThread$CurrentOpenToken$ImpersonateSelf
                                                                                                                                                                                                                                                                      • String ID: Unable to assign the process impersonation token to the thread!$Unable to obtain the thread access token!
                                                                                                                                                                                                                                                                      • API String ID: 98968010-1627354483
                                                                                                                                                                                                                                                                      • Opcode ID: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                      • Instruction ID: 21af2df1c5ae6c5b777d75f1ce55a51ccfeb0185a003d2bdba5c816f0442632b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3214F22E1C5479AE710BB65EC282A9E360FF84B44FD48035D54D422A5FE3CE58ACF71
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandle$RevertSelf
                                                                                                                                                                                                                                                                      • String ID: Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$Unable to remove the impersonation token from the thread!
                                                                                                                                                                                                                                                                      • API String ID: 680554984-1021965375
                                                                                                                                                                                                                                                                      • Opcode ID: 111284e2d089178176d565f854dc630c12fb5ce56d4440cafbf20d900c1c6164
                                                                                                                                                                                                                                                                      • Instruction ID: 3637872e424f92575321199d69eb9daed744a630a58f7125910942ff9ca98b55
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 111284e2d089178176d565f854dc630c12fb5ce56d4440cafbf20d900c1c6164
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6518232A0CA4296F710AB65EC643ADB3B1FB44788F944036DA8D43A99EF3CD555CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileModule$AttributesErrorHandleLastName
                                                                                                                                                                                                                                                                      • String ID: 1412$CA55$G$Install failed: cannot get filename of current process due to error: {}$u
                                                                                                                                                                                                                                                                      • API String ID: 816269828-125834478
                                                                                                                                                                                                                                                                      • Opcode ID: 39ebdee348ca7d7dd8fab0a5bc9dde8d81eab85bc8b7914af76c2f999b124019
                                                                                                                                                                                                                                                                      • Instruction ID: 152d96f946faa22a8a70bbd019227cf4673a82565dc54d9814b66e6db45a1777
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39ebdee348ca7d7dd8fab0a5bc9dde8d81eab85bc8b7914af76c2f999b124019
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9231837290C68186E720EF25E8547AAB3B0FBC1744F90553AD68C42699FF3CD985CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: avcfg://settings/CrashGuard/DumpFirstChance$avcfg://settings/CrashGuard/FullDumpFraction$avdef://config/Common/DumpFirstChance$avdef://config/Common/FullDumpFraction
                                                                                                                                                                                                                                                                      • API String ID: 2453523683-773575770
                                                                                                                                                                                                                                                                      • Opcode ID: b1916160a59b74a8e39b76d607dcd4b5df066ae32188dfa8e6e8231b47ea40ef
                                                                                                                                                                                                                                                                      • Instruction ID: 6633946e393dd2b7ed8ff805280bf4df860d5c9685c8dd1ea42c22231a1f3a19
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1916160a59b74a8e39b76d607dcd4b5df066ae32188dfa8e6e8231b47ea40ef
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04416232E18B5299EB00EB65EC404FC7374FB85B48B804525EE4D63B59EF38D696C7A0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateDirectory$AttributesFile
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2650082360-0
                                                                                                                                                                                                                                                                      • Opcode ID: b2509e1b89ee1c9a0de528c9843d414a1cc7525bf1f3e2ed96dda613d9510867
                                                                                                                                                                                                                                                                      • Instruction ID: 6ce980bef61f9381b1690f28ec28994a6f5a30c6511631a58ca4e83a616062ef
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2509e1b89ee1c9a0de528c9843d414a1cc7525bf1f3e2ed96dda613d9510867
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C241B632E0CA4282E710AF29E85417DE3A1FF85F94FC44535DA5D57698EF3CE4868B60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF72DAB9C8E
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF72DAB9CA8
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF72DAB9D55
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDF810: RtlPcToFileHeader.NTDLL ref: 00007FF72DBDF860
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDF810: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF72DBDA8D6), ref: 00007FF72DBDF8A1
                                                                                                                                                                                                                                                                      • LockFileEx.KERNEL32 ref: 00007FF72DAB9DDC
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF72DAB9DEB
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$ErrorLast$CloseCreateExceptionHandleHeaderLockRaise
                                                                                                                                                                                                                                                                      • String ID: couldn't obtain exclusive file lock$couldn't open file
                                                                                                                                                                                                                                                                      • API String ID: 3557019546-1370462906
                                                                                                                                                                                                                                                                      • Opcode ID: 6ccdc2bd04a04dd58bbf314cd43a9362f74bd838179ecf472aefe5bef1a61c75
                                                                                                                                                                                                                                                                      • Instruction ID: ba110a904afd134b8e783156fa8e4d777a6b23b0353b42c231053c4af27ec2d8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ccdc2bd04a04dd58bbf314cd43a9362f74bd838179ecf472aefe5bef1a61c75
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB61B632A1CB4186D750AF15E854BA9B3A4FB947A4F904235EAAD437D4EF3CD846CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF72DC049A8,?,?,?,?,00007FF72DC002DD,?,?,?,?,00007FF72DBDA5C4), ref: 00007FF72DC041EF
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF72DC049A8,?,?,?,?,00007FF72DC002DD,?,?,?,?,00007FF72DBDA5C4), ref: 00007FF72DC041FB
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                      • Instruction ID: c34c9cd278aa216c549493ebf6c8016c27a06cf7d65652d59ae8d425b983794e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E41F521B0DA0255FA12EB1AAC14576E396FF55BD0F848135DD1D87788FE3CE4868B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                                                                                                                      • API String ID: 0-3023212541
                                                                                                                                                                                                                                                                      • Opcode ID: 14529ded0de5446f4a179889d77de0ddcbae0ce5b9f8b4f9011b8a88c8c4cdfe
                                                                                                                                                                                                                                                                      • Instruction ID: 8aab5b9d1faea6502836a2b39a665ea267a0e872d2697f65f17eb1fb5f357e6d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14529ded0de5446f4a179889d77de0ddcbae0ce5b9f8b4f9011b8a88c8c4cdfe
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4A1BF72A08B9186D7109B18E8443ADB7A1FB45B74F948325DABD837D4EF3CD495CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                      • String ID: 1412$CA55$Process dumper doesn't exist in path '$kT
                                                                                                                                                                                                                                                                      • API String ID: 3188754299-3328827871
                                                                                                                                                                                                                                                                      • Opcode ID: 9e49c0bb97abce77a4f8995457144b49f1f47d4f3dbbe7514e02eeac80b94cbe
                                                                                                                                                                                                                                                                      • Instruction ID: 0986dab880133e0ca09bc43dfbbb1658ee85fb9dedd9d0b5f937fa2fc032f6ac
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e49c0bb97abce77a4f8995457144b49f1f47d4f3dbbe7514e02eeac80b94cbe
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F319021A1C54286EA50BB15EC489BAE370FF81790FD01631EA5E476D9FF2CEA458F70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CurrentOpenProcessThreadToken$CloseHandle
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2320986313-0
                                                                                                                                                                                                                                                                      • Opcode ID: c3e1d1c2dafc5f74914ba39f97b3b09bc139cfbc940a770d0b25d2f0f0e53b82
                                                                                                                                                                                                                                                                      • Instruction ID: 44b72cd9cc8d4af9caf6e8ed254ce690023f6eea2b6d3dee4b64430f706f192b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3e1d1c2dafc5f74914ba39f97b3b09bc139cfbc940a770d0b25d2f0f0e53b82
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8112522E0C6828AFA60BB65EC6477EE350EF85745F808035C98D46755EF2CD489CF71
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_copy$CloseErrorExceptionFileHeaderLastOpenQueryRaiseValue
                                                                                                                                                                                                                                                                      • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                      • API String ID: 1628994363-1100310711
                                                                                                                                                                                                                                                                      • Opcode ID: ba3bf8002d6cbdf6a96e2651c01a86de505fe7221026ea443cfb078ab4a1dafe
                                                                                                                                                                                                                                                                      • Instruction ID: f822e57f5d4e1f609addb10be3791627859f0d18c20808b299c7ce10278e2268
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba3bf8002d6cbdf6a96e2651c01a86de505fe7221026ea443cfb078ab4a1dafe
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D517136A08B419AE710DF64E8905ACB3B0FB98748F945135EB4D43B58EF38E5A4CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Create$CloseErrorLast
                                                                                                                                                                                                                                                                      • String ID: Cannot create registry key
                                                                                                                                                                                                                                                                      • API String ID: 3551974399-2366797263
                                                                                                                                                                                                                                                                      • Opcode ID: 3a9f815c0f5876e9efb3ac377ae917b0f9d39858e81cc8fdae0bd8d1dc40607e
                                                                                                                                                                                                                                                                      • Instruction ID: 82f4a38b4f3ff876be3774d5f62b1a8b59f8c54f625a09320a30e33717b7a4c4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a9f815c0f5876e9efb3ac377ae917b0f9d39858e81cc8fdae0bd8d1dc40607e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB414772A18B818AE720DF74E8902DD77B5F748788F50053ADE8957B18DF38D591CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                      • Opcode ID: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                      • Instruction ID: 08f8663c0a4bf0d19b0b26dc6c58b693f857cd3a6615f3277d19e5b5c9030d9d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12215325A0D74249EE15AF65E8241BDE2A0FF84BC0F848439FA4D43795FE3CE4458E70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseErrorExceptionFileHeaderLastOpenQueryRaiseValue__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                      • API String ID: 2471027143-1100310711
                                                                                                                                                                                                                                                                      • Opcode ID: 787f247438136ea345512c5dd3c2bb352683b47488344db3cccee6f2211c5fed
                                                                                                                                                                                                                                                                      • Instruction ID: 9372b5fcaf197eb08e30d212c61a33d60486409f15e9fc9333f4f067ea4f76d2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 787f247438136ea345512c5dd3c2bb352683b47488344db3cccee6f2211c5fed
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A315E32B08A8589E710EF64D8512ECB3B5FB48748F845435EF8D43A59EF38E694CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D0D1
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D0EA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D147
                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1B4
                                                                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1D5
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7D1FF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF72DB7D220
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$ChangeCloseDeleteEnterEventFindInitializeLeaveNotification
                                                                                                                                                                                                                                                                      • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                                                                                                                      • API String ID: 2148637788-3605786268
                                                                                                                                                                                                                                                                      • Opcode ID: 4e29154e625a3efb19ea16a0ee78175490946f422caccf38375553f0e237be0c
                                                                                                                                                                                                                                                                      • Instruction ID: 043936cf1e9011d903635cc49b8b28f84c502ff284bf17a34dd0a96d831b3c62
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e29154e625a3efb19ea16a0ee78175490946f422caccf38375553f0e237be0c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5218322A0CA4586EB00EF29ED6417DA360FF88790F944535DA5D436A4EF7CE5928B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA273E0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: LeaveCriticalSection.KERNEL32 ref: 00007FF72DA27421
                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF72DA2E34D
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00007FF72DA2E36F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1B4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1D5
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7D1FF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait
                                                                                                                                                                                                                                                                      • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                      • API String ID: 2569023850-2706815617
                                                                                                                                                                                                                                                                      • Opcode ID: c33e72975d9d709c4efa33ca56eeb8cc3916e7964e6485c31c85f1466463455b
                                                                                                                                                                                                                                                                      • Instruction ID: 954df6e780535f0fd9aa11f8812a97bf93642303c423e7d5993273c0e28e875a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c33e72975d9d709c4efa33ca56eeb8cc3916e7964e6485c31c85f1466463455b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD51AE32A08B41CAEB10EF21E8506ECB3B5FB44748F841535DA4D17B99EF38E692C760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA273E0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: LeaveCriticalSection.KERNEL32 ref: 00007FF72DA27421
                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF72DA2E50D
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00007FF72DA2E52F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1B4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1D5
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7D1FF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait
                                                                                                                                                                                                                                                                      • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                      • API String ID: 2569023850-2706815617
                                                                                                                                                                                                                                                                      • Opcode ID: 8c7d3632c0b6b3fa106aaa6c9bad16e5f62cf4b9736dca25241be8fd3054b77b
                                                                                                                                                                                                                                                                      • Instruction ID: 7740f23b6193c8d458908d4d8c92969f498e3ce3d4ea901cc2bb3fcd6218a169
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c7d3632c0b6b3fa106aaa6c9bad16e5f62cf4b9736dca25241be8fd3054b77b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0518C32A18B41CAEB10EF21E8506ACB3B5FB44B48F841535DA4D17B99FF38E592C760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ControlCountDeviceTick
                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                      • API String ID: 2693983885-3081909835
                                                                                                                                                                                                                                                                      • Opcode ID: 9bf5e6904c2c17927c5e34c71df002658efa45478e14580719c3e12f49a9c689
                                                                                                                                                                                                                                                                      • Instruction ID: 850a45dbdcb1828410d87648b010520442b684f209bf04c5697e416841c38556
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bf5e6904c2c17927c5e34c71df002658efa45478e14580719c3e12f49a9c689
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF218E32A18F84C2E750DF28E89472AB3B4F799B98F505225DB9D03798EF38D495CB50
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                      • Instruction ID: 9a6d21cb089ef866df978bd3f51b69a6ce25fcde150ff268d1d0192ae19e6287
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B115E32A1CB8182EB209B15E854259B7E5FB88B84F684234EF8C07768EF3DC5518B10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Times$CountProcessSystemTick
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1969624557-0
                                                                                                                                                                                                                                                                      • Opcode ID: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                      • Instruction ID: e9eccc2b30184643a2819abc4f633a661beeaf31330373884eb7f10b8f0df006
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF210C3291CF8582DB409F29E8405AEB3B4FB88B88F505126EB8D43729EF38D594CB50
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                                                      • String ID: Cannot open registry key
                                                                                                                                                                                                                                                                      • API String ID: 71445658-2132507311
                                                                                                                                                                                                                                                                      • Opcode ID: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                      • Instruction ID: 6f7d7fb0b9c6b4580c92a3b79c5a151f8d96cc84432ab17b947c505db8f1e84d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4616C32B187818AE7209F29E8446ADB765FB48788F945139DF8D57F09EF38D191CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                      • Opcode ID: 67e2fab021266c9c77d075616b6545519a1305d6dd13717808bc519e3f3051b4
                                                                                                                                                                                                                                                                      • Instruction ID: 05d0a8631c03079a0faf9a2b129220c5cff2e3c2046bed4b5e242cfb183c1aae
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67e2fab021266c9c77d075616b6545519a1305d6dd13717808bc519e3f3051b4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44416231A0CB4186EB10EB16E844A29F3B5FB48BA0F958536DA5D53750FF3DD981CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CurrentInfoNativeProcessSystem
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3852810090-0
                                                                                                                                                                                                                                                                      • Opcode ID: 09c77ee01eb2b546073ee9c0064004b23e8d8111813079752c7fa078b26fe35a
                                                                                                                                                                                                                                                                      • Instruction ID: 09b86d150ab373d9f5e6df1e3d8d69e09ccc7cc7f8ddb88fcdce615dd5f6b916
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09c77ee01eb2b546073ee9c0064004b23e8d8111813079752c7fa078b26fe35a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88419232604B808AD750CF26E98065DB7FCFB64B88F15822ADF8947BA8DF38D465C750
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32 ref: 00007FF72DA2326B
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DAC6E20: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E76
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DAC6E20: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E8B
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBC4410: GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF72DA23287), ref: 00007FF72DBC4441
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressCriticalHandleInitializeModuleProcSectionSystemTimes
                                                                                                                                                                                                                                                                      • String ID: g@pU
                                                                                                                                                                                                                                                                      • API String ID: 1646434232-3272688107
                                                                                                                                                                                                                                                                      • Opcode ID: 65821a5ab7219d1bf11f55eabfe9411a9e86aaad5877f87c77446249d3a5b555
                                                                                                                                                                                                                                                                      • Instruction ID: 9ef62a7052523c45de8c20b10799c9d8d6327435bdd8227420aa40bb5c805cc2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65821a5ab7219d1bf11f55eabfe9411a9e86aaad5877f87c77446249d3a5b555
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26F0F411D2CE8681E600EB24ED951B4A320EFA9348FE29276D54D41172FFACB2D58B30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                      • Opcode ID: 20f493b9ae071d3f6d407ad5c6f31eedaaecc9cdf34c1cdb86c3f10cd0eae4ed
                                                                                                                                                                                                                                                                      • Instruction ID: 66990f6e7a7ed0d2e336a1a639cf7f70cc7a4fd45b0fa65e3066ad7e125db2e2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20f493b9ae071d3f6d407ad5c6f31eedaaecc9cdf34c1cdb86c3f10cd0eae4ed
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11916132A0DA8585EB10AF29DC506A8B3B1FF48B88F988535DA4D43764EF3CD955CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                      • Opcode ID: eb0c670ca6d3ba9ec2bca2da2013aa8bda431359817c1968a5fc34f7ff0c57f3
                                                                                                                                                                                                                                                                      • Instruction ID: 8a7e3674652a8e63b6b3ad54c2de8d9ffa353ce69016d65f047bd89cd5b8655b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb0c670ca6d3ba9ec2bca2da2013aa8bda431359817c1968a5fc34f7ff0c57f3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5411362B0C78592DE04EB16D90886CA2A1FB44FE0F944632EF6C177C5FE7CD9918764
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                                      • Opcode ID: d09ca884dd5dda2c3ed9833b25182662381ffba5d249c1d763d207f0c79d1e95
                                                                                                                                                                                                                                                                      • Instruction ID: 395df97c981514651d843041feff78c751fd0d1578f678e80b825a33afb783bd
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d09ca884dd5dda2c3ed9833b25182662381ffba5d249c1d763d207f0c79d1e95
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A151B171D1C6428AF714AF19BC69669BA90EB4A361FD0453AD99D82694FE3CE440CF30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __std_exception_copy.LIBVCRUNTIME ref: 00007FF72DB844E6
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDF810: RtlPcToFileHeader.NTDLL ref: 00007FF72DBDF860
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDF810: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF72DBDA8D6), ref: 00007FF72DBDF8A1
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3973727643-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4f13111e9576ebb298db5b3a423682e425a5c878827390012b245d947a4b46de
                                                                                                                                                                                                                                                                      • Instruction ID: f4a809ffef5dbb280db2a1221695e6fe13f1de602b2750c586cffc053698ad11
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f13111e9576ebb298db5b3a423682e425a5c878827390012b245d947a4b46de
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C41B432A0CA4699EB00EF24E8911FCB370EB54748FC49536DA4D43A59FF38E295CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5ae2ee5f0160b626ef40acf76214a329a28e8277727c4167cd0b99ec913d1273
                                                                                                                                                                                                                                                                      • Instruction ID: c096a06eac3b74aef5243dfe9e525200c066a8509801aeb2a1b607f38271da40
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ae2ee5f0160b626ef40acf76214a329a28e8277727c4167cd0b99ec913d1273
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1110132E1D68282ED54A711E951A79A2B2EF88790FD44630E79D027D5FE7CD8908B60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DAC6E20: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E76
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DAC6E20: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E8B
                                                                                                                                                                                                                                                                      • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF72DA23287), ref: 00007FF72DBC4441
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProcSystemTimes
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 368006440-0
                                                                                                                                                                                                                                                                      • Opcode ID: 2a39012d376c24ebe239ef222a12a40e81cc74fe0e29b031d32ded52b94b9709
                                                                                                                                                                                                                                                                      • Instruction ID: b10d9373f1359ef7cca0795aaf643c84b621a4b00bc3a4eff83ac4038c40d7df
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a39012d376c24ebe239ef222a12a40e81cc74fe0e29b031d32ded52b94b9709
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4111807661DA848AC664DF15F49041AB7A1F7CCB88B40522AFA8E83B28DF3CD650CF04
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF72DC02CFA,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC01145
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                      • Opcode ID: fa34abb20e794e756ef6b5587f7d6f19936df431d17721f35460abfde1e1c238
                                                                                                                                                                                                                                                                      • Instruction ID: 786df818f9bf4666432d42f9745ee5661bbafea6e2272b9eca118f1c8ca04eac
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa34abb20e794e756ef6b5587f7d6f19936df431d17721f35460abfde1e1c238
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27F04901B0D20789FE687AA99C553B5C295DF88B82FC86435D90EC63C2FD2CE5C68A30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF72DC06669,?,?,00000000,00007FF72DC010B7,?,?,?,00007FF72DC00BD7,?,?,?,00007FF72DC00ACD), ref: 00007FF72DC0129A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                      • Opcode ID: 175d4b89ab31686c49d4585ac5ea770e7c155183f44c652aca588092df315658
                                                                                                                                                                                                                                                                      • Instruction ID: bcc4cf0941b90502091524b4b555edf56ef6a35dbabda8b1d19e0b8c9f665a0c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 175d4b89ab31686c49d4585ac5ea770e7c155183f44c652aca588092df315658
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CF03A00F1D24749FA553BA55C503B5E280DF857A2FC94634EC2EC53C1FD1CA4C28934
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                      • Opcode ID: c66ce3cb3dc286aa1565f411fe3c68d22209824f1af2148d0e16cbdbc8b0d659
                                                                                                                                                                                                                                                                      • Instruction ID: 3abac7a801f1474c41b04aa4632b98a5b5276f7b577fdec14ea497228a42f57b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c66ce3cb3dc286aa1565f411fe3c68d22209824f1af2148d0e16cbdbc8b0d659
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8F0122291CB8195DA10EB55F85006AB3A4F788BD4F944235EACD53B29FF7CD195CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Startup
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 724789610-0
                                                                                                                                                                                                                                                                      • Opcode ID: 422d762837b6e6d4f0e4c322e7caf4e30be4a76fde28382abea317ec21eb72b3
                                                                                                                                                                                                                                                                      • Instruction ID: c7a86f2610d5b5e2b2d27c4e1f1e16ba83d66e2b1b85a04fc25afc37f7d2d194
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 422d762837b6e6d4f0e4c322e7caf4e30be4a76fde28382abea317ec21eb72b3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CE01A31E5DA4686FA60BB25EC663B9A360FB89344FC00436C54D46369FE2CE0068F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$File$ExclusiveLock$AcquireInfoVersion$CloseCreateExceptionHandleHeaderQueryRaiseReleaseSizeValueWrite_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID: 6$Cannot query a .sys file version from PPL process '{}'$GetFileVersionInfoSizeW$GetFileVersionInfoW$Unable to make a .sys copy$VerQueryValueW$VerQueryValueW signature is invalid$asw$set_file_content$set_file_content '{}'$set_file_content content is too large$tmp
                                                                                                                                                                                                                                                                      • API String ID: 3080410690-613824156
                                                                                                                                                                                                                                                                      • Opcode ID: ba03cb1dc33f8e5db91fef2197077b7a9b71303ec077511034661c6c5e82c544
                                                                                                                                                                                                                                                                      • Instruction ID: f48947aedc7a8e47b8b71f755ed9686d55a2338b3a551ef807daf205c24dafa8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba03cb1dc33f8e5db91fef2197077b7a9b71303ec077511034661c6c5e82c544
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A027332A0CA8291EA20EB25EC647EDA360FB88744FD05136D69D436A5FF7CD585CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AttributesCloseErrorFileHandleLast$CreateProcess__std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID: --guid $6$@$Bugreporter dumper doesn't exist in path '$F386$F8E2$bugr$bugr$epor$epor$t
                                                                                                                                                                                                                                                                      • API String ID: 1408558107-49421660
                                                                                                                                                                                                                                                                      • Opcode ID: 57d36a763926d34af838dce082ed8facc5d70249eac37e87c12f6f56cc9ff626
                                                                                                                                                                                                                                                                      • Instruction ID: 7f50b7551d49113d8261895255557e819b6d37731fc0fc9c1e499614823956f6
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57d36a763926d34af838dce082ed8facc5d70249eac37e87c12f6f56cc9ff626
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66F1913291CBC18AE720EF21DC447E9B370FB94758F804225EA4C56A99FF78D684CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process$AcquireCloseCurrentEnumErrorExclusiveFullHandleImageLastLockNameOpenProcessesQuery
                                                                                                                                                                                                                                                                      • String ID: ,$0398$0398$2$Cause: Process watcher, connected to previous dump$Connected process dump unsuccessful, error code {}$FA7D$FA7D$Unable to enumerate processes, error code {}$aswEngSrv.exe${}ToolsSvc.exe
                                                                                                                                                                                                                                                                      • API String ID: 3056747941-2539274476
                                                                                                                                                                                                                                                                      • Opcode ID: f043fc0f20b95938cb18eaadeefcf24c1e0c1b5a1de06a85150045d28c0a2e48
                                                                                                                                                                                                                                                                      • Instruction ID: 914e22ea274707675e451b57d3410267db2e8bd6ae23bbe907d058bdad1302b9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f043fc0f20b95938cb18eaadeefcf24c1e0c1b5a1de06a85150045d28c0a2e48
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED325F72A0CBC195E660EB15E840BEAF3B1FB89784F904135DA8D43A59EF3CD585CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: CurrentEventExceptionHandlerRemoveThreadVectored
• String ID: 1412$75B0$C$CrashHandler not installed.$Failed to uninstall crash hooks$Failed to uninstall vectored handler.
• API String ID: 2178264447-3220243825
• Opcode ID: 31839305f756fb4c9d388bcf455ddf1044684b75a508ca6c982eb13cca176252
• Instruction ID: 9f1b71846f7dc88da277354e695dcae1563b4fdc9aa562f4075404394e927050
• Opcode Fuzzy Hash: 31839305f756fb4c9d388bcf455ddf1044684b75a508ca6c982eb13cca176252
• Instruction Fuzzy Hash: 2DC18E72D1CB8586E711EF28E8446A9B7B0FB99748F405235EA8C02655FF3CE695CF20
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72DA4D265), ref: 00007FF72DA5AC96
• GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72DA4D265), ref: 00007FF72DA5ACA6
• VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72DA4D265), ref: 00007FF72DA5ACCB
• VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72DA4D265), ref: 00007FF72DA5ACEC
• SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72DA4D265), ref: 00007FF72DA5AD00
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: ProtectVirtual$AddressExceptionFilterHandleModuleProcUnhandled
• String ID: 75B0$CrashGuard global exception handler uninstalled$FB06$KERNEL32.DLL$SetUnhandledExceptionFilter
• API String ID: 2655839047-1572630775
• Opcode ID: 00a6007e73523997607153cb34a2b2ebd43ea2572429e2d80183653d8571ebb4
• Instruction ID: 826bcaccfad6424ee23209edd7229a11a138de4bdc2423d5bd31acd62265bc26
• Opcode Fuzzy Hash: 00a6007e73523997607153cb34a2b2ebd43ea2572429e2d80183653d8571ebb4
• Instruction Fuzzy Hash: 02515E72A0CB459AE754EF25D8407A8B3B0FB48B48F945035EA0D47758EF7CD985CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
• String ID: asw::settings::SettingsConfig::Lock
• API String ID: 2061331858-4244600543
• Opcode ID: a55ebf2ca24ab9a1bce9327ad06af4e818cbd854e0794d1c3f31c3f8638b4773
• Instruction ID: 263d4a5c312989ef75bf08503cd972815b058b7be751bd3549ea0194fe3239b0
• Opcode Fuzzy Hash: a55ebf2ca24ab9a1bce9327ad06af4e818cbd854e0794d1c3f31c3f8638b4773
• Instruction Fuzzy Hash: F671A221A0DB8299EB40EF65DC146B8A3B1EF48788F848535D94D136A5FF7CE4458B70
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                      • String ID: asw::crashguard::ProcessWatcher::Singleton::v1
                                                                                                                                                                                                                                                                      • API String ID: 2061331858-1811440512
                                                                                                                                                                                                                                                                      • Opcode ID: 2dcce4110282639c9350da56cba6cfba6514df93b0a16329892953543af0c549
                                                                                                                                                                                                                                                                      • Instruction ID: 92e8a328419c9a73b5cf37c8296fdb62db853d1845071fa5eae138fd7016e353
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dcce4110282639c9350da56cba6cfba6514df93b0a16329892953543af0c549
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28719422A0DB42D5FB10EBA5DC146B8A371EF48788F904139D95D126A8FF3CE4858BB0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                      • String ID: asw::log::context::TlsIndex
                                                                                                                                                                                                                                                                      • API String ID: 2061331858-143919551
                                                                                                                                                                                                                                                                      • Opcode ID: 51bb9254ff14de94781bebfd5e08846c7764ef015c78e2f83dd313f03c0c3dd4
                                                                                                                                                                                                                                                                      • Instruction ID: 17e5f7587fd0fbb0ef78e37ad76f85f5eaea02b57be9228ee4a0ccbcd9eda876
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51bb9254ff14de94781bebfd5e08846c7764ef015c78e2f83dd313f03c0c3dd4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E717322A0DB4296FB10EFA5DC242BCA3A0EF48788F844135D95D536A5FF3CE5858B74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCurrentProcessProcess32$Concurrency::cancel_current_taskCreateFirstHandleNextObjectSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                                                                      • String ID: list too long
                                                                                                                                                                                                                                                                      • API String ID: 1192480843-1124181908
                                                                                                                                                                                                                                                                      • Opcode ID: b0a3180cc7cbeff54242117e9feb343e0f059cc461ea482365a9f4d75379a73b
                                                                                                                                                                                                                                                                      • Instruction ID: b1671d86e5344c70bc8a170e4b92644c90b3fccb9c09dd2f5ba4eab34db51ee2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0a3180cc7cbeff54242117e9feb343e0f059cc461ea482365a9f4d75379a73b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE616232A0DB4186E710DF15E8506AAF7A4FB88B90F948135DE4D43BA8EF3CD945CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2061331858-0
                                                                                                                                                                                                                                                                      • Opcode ID: 31ed4011f1f579e282249809aeaf106886ed89ae4f0c9b59453ed68750a5a46f
                                                                                                                                                                                                                                                                      • Instruction ID: 18af2b7a7f60680cd82da01914a0fffae3a1ca697ce8921225405b65b72973db
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31ed4011f1f579e282249809aeaf106886ed89ae4f0c9b59453ed68750a5a46f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4371C321E0DA8295E740EBA5EC146B8A3B1FF48798F848535DE1D036A4FF7CE4858B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                                                                      • API String ID: 1791977518-905460609
                                                                                                                                                                                                                                                                      • Opcode ID: a8ca10f37a5dee931fc024a45ae2db6cb105491d8547e82bf9ae0bd1e695e0de
                                                                                                                                                                                                                                                                      • Instruction ID: 9d13a2492e5f1187acf3f028d89666b82668af85fcf940360874b7dc855ac4c6
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8ca10f37a5dee931fc024a45ae2db6cb105491d8547e82bf9ae0bd1e695e0de
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E917432A0C74289EB28BF19D8513B9A3A4EB54B81F884131DA4D47795FF3CE596CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2591520935-0
                                                                                                                                                                                                                                                                      • Opcode ID: 7407db3a76689b2a5d8c4b69b10bfedd7697c01c2af7f8f4955d31770f3bc3d9
                                                                                                                                                                                                                                                                      • Instruction ID: 630557b2e661d22892e60d2df9d5d9a7544da0d313b9b8dc8645166ffd448c9b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7407db3a76689b2a5d8c4b69b10bfedd7697c01c2af7f8f4955d31770f3bc3d9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95715A62B0C6028DEB15AFA9D8506B9A3B4FF44749F844035CA0D97695FF3CE886CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID: @$Exception caught while distributing registry change notification
                                                                                                                                                                                                                                                                      • API String ID: 3668304517-2296025437
                                                                                                                                                                                                                                                                      • Opcode ID: 092bd7984ee26a5d09eabd77dedfe00adb27d88a5846cb73f3126adf246f025a
                                                                                                                                                                                                                                                                      • Instruction ID: a1351185a4474428ea2946f400a7a1b5bda0d23d3dd4a1d4b691ff63ea1b907b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 092bd7984ee26a5d09eabd77dedfe00adb27d88a5846cb73f3126adf246f025a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37128032B19B4589EB00EF65D8A15ACB370FB48B88FA44436EE4D13B59EF38D950C764
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                      • Opcode ID: 827e7a59774805095390571979b04982cbed8b3d41abc9785a87729e00d2c2aa
                                                                                                                                                                                                                                                                      • Instruction ID: 5ee19a3e4746d3c15004c9ca18491b5afa0487b928f82b8dfd7b2d8d11a9c3d8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 827e7a59774805095390571979b04982cbed8b3d41abc9785a87729e00d2c2aa
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B31873261CB8189D760DF69EC502AEB3A4FB84794F940135EA9D43B98EF3CC146CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF72DBDDCB3
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                      • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                      • Opcode ID: 58ff99e1f1e38b338a1053b32f0cde509baabbbdb7fa4238a023d2f3828047b9
                                                                                                                                                                                                                                                                      • Instruction ID: a141ce6dbce78178166dc8f93adaebc047d32852228c5c221578e062ee70d60c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58ff99e1f1e38b338a1053b32f0cde509baabbbdb7fa4238a023d2f3828047b9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9211BF3261CB8297E704AB26DD54779B2A0FF44344F844138C74D82A90FF3CE4A48B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                      • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                      • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                      • Opcode ID: 77754d8bb3a97c58e47152d7e0f794e1798a01736f0c57acb568ebd9ae2fa764
                                                                                                                                                                                                                                                                      • Instruction ID: bd7fe6d01fa2e3086ad7ce3a65130b9d0f65293a10dd56d02f921fe25d6113e0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77754d8bb3a97c58e47152d7e0f794e1798a01736f0c57acb568ebd9ae2fa764
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31018421B0C6818DE700AB4AF8005A6E761EF84BC0F948136DE0D57B69EF3CD5868BA0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: GetLastError.KERNEL32 ref: 00007FF72DC02B2F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: FlsGetValue.KERNEL32 ref: 00007FF72DC02B44
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: SetLastError.KERNEL32 ref: 00007FF72DC02BCF
                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF72DC0A587,?,00000000,00000092,?,?,00000000,?,00007FF72DBFD929), ref: 00007FF72DC09E36
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                      • Opcode ID: bf2af40eb7955857f5c6fc133541374c7a207fb8aff3e0f2c652524825b50eee
                                                                                                                                                                                                                                                                      • Instruction ID: cf263abc406387b1346ca0fd6cab5b5a2d8b4f6948929f0ffd60e8d822b7b298
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf2af40eb7955857f5c6fc133541374c7a207fb8aff3e0f2c652524825b50eee
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A11D873A0C6458DEB149F19D4402B8B7A0F790F91F888135D769433D4EE38DAD2CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: GetLastError.KERNEL32 ref: 00007FF72DC02B2F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: FlsGetValue.KERNEL32 ref: 00007FF72DC02B44
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DC02B20: SetLastError.KERNEL32 ref: 00007FF72DC02BCF
                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF72DC0A543,?,00000000,00000092,?,?,00000000,?,00007FF72DBFD929), ref: 00007FF72DC09EE6
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                      • Opcode ID: 9a4b9e06f2044db9b26c10e4ed49321f26885f504ed4092419587d8db2185441
                                                                                                                                                                                                                                                                      • Instruction ID: b44bf76fe8000f1dd8b8247e6bda1b20e6a522a8400f82bd20060f9e608d5ae0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a4b9e06f2044db9b26c10e4ed49321f26885f504ed4092419587d8db2185441
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1701F962E0C2418EE7146F59E840779F2A1EB50796F889231C379432D4EF6899C2CB20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF72DC0449F,?,?,?,?,?,?,?,?,00000000,00007FF72DC093D8), ref: 00007FF72DC04043
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$ErrorLast$ClassCriticalFreeSection$AllocDeleteHandleInfoInitializeModuleRegisterSleep
                                                                                                                                                                                                                                                                      • String ID: P${9C7565A2-47C2-4869-B388-8C7F9AD8E577}
                                                                                                                                                                                                                                                                      • API String ID: 1585186069-2048047006
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: GetModuleHandleW ({})$GetProcAddress ({})$GetProductInfo$RtlGetVersion$Unable to convert processor architecture ({}) to platform enumeration!$kernel32$ntdll
                                                                                                                                                                                                                                                                      • API String ID: 1762409328-1915291428
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$CriticalSection$AllocFree$ClassDeleteEnterErrorInitializeLast_invalid_parameter_noinfo_noreturn$HandleInfoLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: asw::settings::SettingsConfig::Lock$asw::settings::SettingsConfig::ProductPluginLoadFn$asw::settings::SettingsConfig::ProductPluginUnloadFn
                                                                                                                                                                                                                                                                      • API String ID: 3963010532-3014327910
                                                                                                                                                                                                                                                                      • Opcode ID: 96297fefe7190c44985da2c47a098ff50cf096f78b897afe1c8bae56b8acae8b
                                                                                                                                                                                                                                                                      • Instruction ID: ea10fb00a25d37eb8a40bc880b63b4c09e30e2d9a51843ce01bd990b488b1075
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96297fefe7190c44985da2c47a098ff50cf096f78b897afe1c8bae56b8acae8b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7C15E32A0DB4186EA10EF26EC54A6DB3B4FB48B84F914135DA8D53761FF38E891C760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorFindLastVolume$CloseDeviceExceptionFileFirstHeaderNextQueryRaise
                                                                                                                                                                                                                                                                      • String ID: 5$Unable to convert NT path '{}' to a volume GUID path!$Unable to enumerate volumes!$\Device\LanmanRedirector\$\\?\
                                                                                                                                                                                                                                                                      • API String ID: 4019560660-74990000
                                                                                                                                                                                                                                                                      • Opcode ID: ebb961cb62f923a57aa9b7424109b55b0df63b1acb1b26fec003c227e58f3243
                                                                                                                                                                                                                                                                      • Instruction ID: 166307fb1bd0c3d5533126b4791e410812a1a86c7917e6dee5159337d4a3a395
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ebb961cb62f923a57aa9b7424109b55b0df63b1acb1b26fec003c227e58f3243
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCA1F822E1CB4685EB10EB64DC502EDA370FB94398F905235EA4D53AA5FF3CE585CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast$Heap$AllocateFree
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3174826731-0
                                                                                                                                                                                                                                                                      • Opcode ID: 16fad19486866f5bda6861b05c719221ab4c2f5ac1244dea380e630f1e3c1d01
                                                                                                                                                                                                                                                                      • Instruction ID: 8862756941a1aa432dbfe2f31196dedd6eee9983fe1d976f34a104cffd872d29
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16fad19486866f5bda6861b05c719221ab4c2f5ac1244dea380e630f1e3c1d01
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD414C11E0C6034AFA5977696C5517AD241CF447B2FD88739E93E466CAFE2CB4C24A70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateEqualErrorInitializeLast
                                                                                                                                                                                                                                                                      • String ID: AllocateAndInitializeSid
                                                                                                                                                                                                                                                                      • API String ID: 1751546778-3342039254
                                                                                                                                                                                                                                                                      • Opcode ID: 1c89ddf425d2d028361356093f948675dee4d3264adf84743e5bf2ba37bb02bd
                                                                                                                                                                                                                                                                      • Instruction ID: 1387184cb878b239c2e28f919a4e966ae5d0d7c356bbac816802a8c521f1660d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c89ddf425d2d028361356093f948675dee4d3264adf84743e5bf2ba37bb02bd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66B16632A18B828AEB20DF69EC5029DB774FB44B44F904136EA4D47B68EF38D545CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                      • String ID: \\.\ASWSP_Open$\\.\AVGSP_Open$\\.\AVRSP_Open$\\.\NLLSP_Open$mtps
                                                                                                                                                                                                                                                                      • API String ID: 1177325624-1521275592
                                                                                                                                                                                                                                                                      • Opcode ID: 13bac28d6854c21b6595c63f76c6bba8fb156956d2247a194ec2b0757dc17a10
                                                                                                                                                                                                                                                                      • Instruction ID: 1e503b32e8b0b0021baf7d90f8b04f007470198593d904604f59b65dfecadfa7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13bac28d6854c21b6595c63f76c6bba8fb156956d2247a194ec2b0757dc17a10
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E751EA3250DB818AE7609B54F85436EF7A4F7853A4F900239E6D982BA8EF7DD445CF20
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                      • API String ID: 4121308752-1062449267
                                                                                                                                                                                                                                                                      • Opcode ID: 5f715c2fe9296aa74df03618d465a7576b574ff1402b788294f4e22b1936b3ac
                                                                                                                                                                                                                                                                      • Instruction ID: f617618b4fe50235271b4cb49feb7f7fecc18bbc0b6770b755f1907516ec7ab2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f715c2fe9296aa74df03618d465a7576b574ff1402b788294f4e22b1936b3ac
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0616D22A0D7818AE751EF70D8606BCB7B6EF84744F844534EA8C23A59EF78E451CB74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: GetModuleHandleW ({})$GetProcAddress ({})$NtQueryInformationProcess$Unable to retrieve basic process information!$ntdll
                                                                                                                                                                                                                                                                      • API String ID: 1762409328-3868107524
                                                                                                                                                                                                                                                                      • Opcode ID: 7275592e3d1e78306718388a586dfad0c7ef8bed03c10d6d026e0b0caff77acd
                                                                                                                                                                                                                                                                      • Instruction ID: 55043e6abe531d6899b61203f792ecb6fd8348490529c296cf1b3d2c81f573be
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7275592e3d1e78306718388a586dfad0c7ef8bed03c10d6d026e0b0caff77acd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9413F22A1CA8695EA50AB14FC647AAF360FF84784FD05036E58D46669FF3CE149CF30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
                                                                                                                                                                                                                                                                      • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                                                                                      • API String ID: 1468110720-1689078516
                                                                                                                                                                                                                                                                      • Opcode ID: cfe394a692fb1bd2b2a563113d3b3e45942c0b6bd42a78547c8dd85d91cceb76
                                                                                                                                                                                                                                                                      • Instruction ID: 6c52c25eace0e469ca800a8e9437c6fb5964bf99fa55da64cf1cee9079caeba6
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfe394a692fb1bd2b2a563113d3b3e45942c0b6bd42a78547c8dd85d91cceb76
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7F19222A1CBC185E720DB65E854ABDB7B1FB84744F904136DA8D03B99EF3CE945CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CurrentFileMappedNameProcess
                                                                                                                                                                                                                                                                      • String ID: Unable to get the path of the module!$Unable to retrieve the path of the module!$Unable to store the path of the module!
                                                                                                                                                                                                                                                                      • API String ID: 1207367512-2385983247
                                                                                                                                                                                                                                                                      • Opcode ID: 0d9f27b200586d2be856b1df89d4843ffc8f5a393081953dc0bb690f18de53bc
                                                                                                                                                                                                                                                                      • Instruction ID: 4d1e81c759833e1a3258887161b49d0dcb255567a759b9fdeb8a0f51016fbfd7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d9f27b200586d2be856b1df89d4843ffc8f5a393081953dc0bb690f18de53bc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3361C332A1CAC281E660EB14E8247EEE361FB98780F904136D6CD47A59EF7CD585CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,00000001,00007FF72DBDBD7F,?,?,?,?,?,00007FF72DA8E439,?,?,?,?,?,00007FF72DA9CE1F), ref: 00007FF72DBDBBF0
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000001,00007FF72DBDBD7F,?,?,?,?,?,00007FF72DA8E439,?,?,?,?,?,00007FF72DA9CE1F), ref: 00007FF72DBDBC08
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000001,00007FF72DBDBD7F,?,?,?,?,?,00007FF72DA8E439,?,?,?,?,?,00007FF72DA9CE1F), ref: 00007FF72DBDBC1B
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000001,00007FF72DBDBD7F,?,?,?,?,?,00007FF72DA8E439,?,?,?,?,?,00007FF72DA9CE1F), ref: 00007FF72DBDBC2E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                      • String ID: WaitOnAddress$WakeByAddressAll$WakeByAddressSingle$api-ms-win-core-synch-l1-2-0.dll
                                                                                                                                                                                                                                                                      • API String ID: 667068680-629889153
                                                                                                                                                                                                                                                                      • Opcode ID: a585d7564c4f57829a4f644aff2f5b0872e177cde89f81cc6ae7a87734313c07
                                                                                                                                                                                                                                                                      • Instruction ID: eec5d3ae9d32d05128df0225b6dd6a3571e34884e4aa6150a9796b87cf23e664
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a585d7564c4f57829a4f644aff2f5b0872e177cde89f81cc6ae7a87734313c07
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6112124A0DB8295EA15AB45BCA0569E6A1FF49B84F98403AD90D43764FE3CE481CF74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: 0$f$p$p
                                                                                                                                                                                                                                                                      • API String ID: 3215553584-1202675169
                                                                                                                                                                                                                                                                      • Opcode ID: 45ed7d549bc9ad886f60ea4771d0dd958f0a556d16dcc4afde3c05d49c3ab067
                                                                                                                                                                                                                                                                      • Instruction ID: a7c828a7186a91d5b73becb479ee68d7c4344e2aeba4aa9fcca9c403ae9b4dc1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45ed7d549bc9ad886f60ea4771d0dd958f0a556d16dcc4afde3c05d49c3ab067
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B127072E0D1438AFB24BA1598642FDB651EB40750FD4C136FA99866C4EF3CE5809FB4
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandleObjectSingleWait__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: Binary Serialization Module already unloaded.$asw::event_routing::rpc::GenericEventSender: rpcEndpoint is NULL.$lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                      • API String ID: 1283933882-2354737281
                                                                                                                                                                                                                                                                      • Opcode ID: 4e5107703d8d9e437114915a7932af81c6bbfce3206150170c474480fde6418c
                                                                                                                                                                                                                                                                      • Instruction ID: 5a275572047aeda2699d1e572a8c631ff9118e172c8f3db3e2b29b7b8b4dc2b8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e5107703d8d9e437114915a7932af81c6bbfce3206150170c474480fde6418c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0025D32A0CB4585EB10EF25EC506A8B3B5FB84B84F988436DA4D47769EF3CD945CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                      • API String ID: 3230409043-1062449267
                                                                                                                                                                                                                                                                      • Opcode ID: f0e35c4dd07d5aaefce4abe5eb505d287ce9647a2349a1c1671ee2e383f69866
                                                                                                                                                                                                                                                                      • Instruction ID: 0ea01fdb313ba8581f2ab6f4d602b4f019348d42fde860af9b6903bc7ed99252
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0e35c4dd07d5aaefce4abe5eb505d287ce9647a2349a1c1671ee2e383f69866
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D818222A0CB818AE710EF30E8506EDB7B4FF94748F944135EA8D17A59EF38D591DB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: f$p$p
                                                                                                                                                                                                                                                                      • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                                                      • Opcode ID: 80d8a9cba0b2958c1a2a082f2cb42fc497e904ebda20bc47e48a5768b67501fb
                                                                                                                                                                                                                                                                      • Instruction ID: 434dcb3216081c4ff48f25dc50c1f0fea83cce11977025f43139861ddaede7ca
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80d8a9cba0b2958c1a2a082f2cb42fc497e904ebda20bc47e48a5768b67501fb
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8128262E0C1D386FB20BB15D86467EE6A2EB58754FC44135E6CA476C4EEBCE5808F70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                      • API String ID: 1386471777-1405518554
                                                                                                                                                                                                                                                                      • Opcode ID: 229d426dccdfb82b5095ff622cd559765c78eb7eb3d888c8cc77709c7aca11ce
                                                                                                                                                                                                                                                                      • Instruction ID: a991ec942817bd862bbaf2e402b5143eb9a23a13af4ea47566defdb850331302
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 229d426dccdfb82b5095ff622cd559765c78eb7eb3d888c8cc77709c7aca11ce
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23518D22B0DB818AEB10EFB1D8506ADB375FF54784F444135DE8D23A56EF38E4568B60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: bad locale name$false
                                                                                                                                                                                                                                                                      • API String ID: 2967684691-2236580902
                                                                                                                                                                                                                                                                      • Opcode ID: 5fc578dd94ca33a8b56e81708cc539a6e842ef00b5b23a4a4cbf6e85c5f83635
                                                                                                                                                                                                                                                                      • Instruction ID: 81fb5eedc6608b9e26949cbd6dd252a36196b184df29559d3a7063ea6f67a0cb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fc578dd94ca33a8b56e81708cc539a6e842ef00b5b23a4a4cbf6e85c5f83635
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4518E22B0DB818AEB14EFA1E8606EC7374EF50788F444435DE8D22A59EF38D5569760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7E2A0: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF72DB7FA9B), ref: 00007FF72DB7E2D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7E2A0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF72DB7FA9B), ref: 00007FF72DB7E2DE
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7E2A0: GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF72DB7FA9B), ref: 00007FF72DB7E2F8
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7E2A0: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF72DB7FA9B), ref: 00007FF72DB7E310
                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32 ref: 00007FF72DB7ED77
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF72DB7ED95
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF72DB7EDD6
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateFile$AttributesDirectory
                                                                                                                                                                                                                                                                      • String ID: *$Unable to create directory '{}'!$Unable to open directory '{}' for writing!
                                                                                                                                                                                                                                                                      • API String ID: 2112330871-2911474180
                                                                                                                                                                                                                                                                      • Opcode ID: 75f73bbb606b49f80edec4422a8deb18f8cd75d436f400d42239909476a5d86b
                                                                                                                                                                                                                                                                      • Instruction ID: 26891ac8808b4bb16f851cd589335a23cd045830c41a64922d3dba5e6dbef9cc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75f73bbb606b49f80edec4422a8deb18f8cd75d436f400d42239909476a5d86b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1021513250CA4782EB20EB54F8647A9F360FB84358F904635E6AC476A8EF7DD549CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                                                                                                                      • Opcode ID: c2681b1adc5bb7c5ae8cf25a35ee93f36553bf32b63b52929a071175adefbee8
                                                                                                                                                                                                                                                                      • Instruction ID: f3c0526ee8d658b5af4d16b24ad3408726b8b833637acb5355cc53c6c72e13c7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2681b1adc5bb7c5ae8cf25a35ee93f36553bf32b63b52929a071175adefbee8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6281C53260C74246EB209F55A86037DE291FF887A8F984235EA5D07BC8EF3CD4418B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 168861036-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1e15e2cecd04b5f1d514b6d2d6e46a333a0b085779b2c35f11282ac35e3e7a17
                                                                                                                                                                                                                                                                      • Instruction ID: 9a308e9497ba42c09174bc1d575ccbe848c8d72920b74ce50dc9e5d0296c09c7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e15e2cecd04b5f1d514b6d2d6e46a333a0b085779b2c35f11282ac35e3e7a17
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9716872A0CA9299E701AF64DC502BCB7A5FB88748FD08436CA4D17796EF78E441CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702003507-0
                                                                                                                                                                                                                                                                      • Opcode ID: 662b36f7610baf8c0a618381952d51a5e6f0a5c96a5d2f0f6d126e2e2c85da2d
                                                                                                                                                                                                                                                                      • Instruction ID: 93e0c57e34acb6f668f3a940bfd60f6b116230cbfe83457eece117d5f522b075
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 662b36f7610baf8c0a618381952d51a5e6f0a5c96a5d2f0f6d126e2e2c85da2d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36416D61A0CA4181EA50AB15EC50979F3B1FF99BD4FC48136DA4D07795EE7CE891CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                      • Opcode ID: ff03e63e51b8faf6e837eb1bb25b861a8d8e82c4bcda496526ce33effc277d7b
                                                                                                                                                                                                                                                                      • Instruction ID: 4bed8f253cd7e77c9a1d986ae37d1ee5a40176f665655e7dbd42b236546ff7a9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff03e63e51b8faf6e837eb1bb25b861a8d8e82c4bcda496526ce33effc277d7b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD314F21A0CA0181EA10BB15EC5056AF3B1FB98BA4FC44232E99D077A5FF7CE4018F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1ffb996c524525d8d5bcc18bbca8c6f531bfc0979955dc5d76838c5c6660ed8a
                                                                                                                                                                                                                                                                      • Instruction ID: 27b845e7c91468e57f21b520669392454357b6a167dbc210ec0350ba02c829b3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ffb996c524525d8d5bcc18bbca8c6f531bfc0979955dc5d76838c5c6660ed8a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3314E21A0CA0181EA50BB25EC50579E3A1EF89BD4F944232E98D077A5FE7CE9418F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4ea2417258d676f7a1eebffa18b98c5ce842b0d198ec6b621b47c685a6f7c92c
                                                                                                                                                                                                                                                                      • Instruction ID: 1b1f0b529d7a9148d8756de933707b79ecddfc17d8cbaf052a1441b65d000318
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ea2417258d676f7a1eebffa18b98c5ce842b0d198ec6b621b47c685a6f7c92c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57314321A0DA0181EA10BB16EC5456AF3B0FB98794F940232E59D57795FF3CE4418F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02CA7
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02CDD
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02D0A
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02D1B
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02D2C
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF72DBF2289,?,?,?,?,00007FF72DC01254), ref: 00007FF72DC02D47
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                      • Opcode ID: 09842aa40f1ce64ef43ccaffd2b0347c54427fda5bf59423b03953e4670c792d
                                                                                                                                                                                                                                                                      • Instruction ID: 72d9102f0472e484f4959d7ee755e0ff82be637844f1957aa5ba945406bff78c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09842aa40f1ce64ef43ccaffd2b0347c54427fda5bf59423b03953e4670c792d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A11A120A0D6424AFA5573696D4513AD141DF447B2FD48734E82E477CAFE3CA4C38EB0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindVolumeClose.KERNEL32 ref: 00007FF72DB81598
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA28681), ref: 00007FF72DBDCE00
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCD90
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA286BC), ref: 00007FF72DBDCDD0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCDF0: SleepConditionVariableSRW.KERNEL32(?,?,000002D55D476B10,00007FF72DA28681), ref: 00007FF72DBDCE25
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80A50: FindFirstVolumeW.KERNEL32 ref: 00007FF72DB80AA7
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80A50: QueryDosDeviceW.KERNEL32 ref: 00007FF72DB80B41
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80A50: FindNextVolumeW.KERNEL32 ref: 00007FF72DB80B99
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80A50: GetLastError.KERNEL32 ref: 00007FF72DB80BA7
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80DF0: GetVolumePathNamesForVolumeNameW.KERNEL32 ref: 00007FF72DB80EA4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB80DF0: GetVolumePathNamesForVolumeNameW.KERNEL32 ref: 00007FF72DB80EE8
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA2DE60: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72DA2DEC1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Volume$ExclusiveFindLock$AcquireNameNamesPath$CloseConditionDeviceErrorFirstLastNextQueryReleaseSleepVariable_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                      • String ID: WSL Process$\Device\LanmanRedirector\$\Device\Mup\$\SystemRoot\
                                                                                                                                                                                                                                                                      • API String ID: 770235595-1440995083
                                                                                                                                                                                                                                                                      • Opcode ID: b9bbfbf4761210f7c77576c601e3417f3b00ad99b9c5e38b3e9f16a443f3b499
                                                                                                                                                                                                                                                                      • Instruction ID: a62ff5b47ae0568cfca05a2e1378c96691a92289d85e8e384a6e7dfccf5f943b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9bbfbf4761210f7c77576c601e3417f3b00ad99b9c5e38b3e9f16a443f3b499
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FCD1A32290DB8281EA60EB11EC507BDB361FB95794F805136DA8D536A6FF3CE584CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA273E0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: LeaveCriticalSection.KERNEL32 ref: 00007FF72DA27421
                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF72DA967DD
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00007FF72DA967FF
                                                                                                                                                                                                                                                                      • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF72DA96A68
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1B4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1D5
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7D1FF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: Attempt to unload a module which is still used by another$lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                      • API String ID: 2856244963-1128605786
                                                                                                                                                                                                                                                                      • Opcode ID: d20753252b37aa71dfa9e92c0dde6bd9dad465f663dd6e2e84a5f8679e44c371
                                                                                                                                                                                                                                                                      • Instruction ID: 7a5bb2587479cf9da5b3d29ff93baf073afcc830b359dc808cf3bc1e9184fc83
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d20753252b37aa71dfa9e92c0dde6bd9dad465f663dd6e2e84a5f8679e44c371
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B17F32A0CB8185EB10EF25EC905ADB3B1FB84B84F984536EA4D43765EF38D955CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA273E0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA27380: LeaveCriticalSection.KERNEL32 ref: 00007FF72DA27421
                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF72DA957AD
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00007FF72DA957CF
                                                                                                                                                                                                                                                                      • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF72DA95A38
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1B4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72DA2E4F1), ref: 00007FF72DB7D1D5
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D160: LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7D1FF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: Attempt to unload a module which is still used by another$lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                      • API String ID: 2856244963-1128605786
                                                                                                                                                                                                                                                                      • Opcode ID: 13c88d3dce940e0fcb43d37b2ef79bb9040bcc769d8b7ce4f4521fed4ec6c950
                                                                                                                                                                                                                                                                      • Instruction ID: fb6729fd36cf74804bf3eb5f5c0b05ef3030c802993a39d60b6d4f903b645f1c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13c88d3dce940e0fcb43d37b2ef79bb9040bcc769d8b7ce4f4521fed4ec6c950
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EB19E32A0CB4185EB10EF25EC505ADB3B1FB84B94F944436EA4D43769EF38D956CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: to_narrow<wchar_t> invalid arguments$to_narrow<wchar_t>::WideCharToMultiByte
                                                                                                                                                                                                                                                                      • API String ID: 2551222438-1534530176
                                                                                                                                                                                                                                                                      • Opcode ID: eaf2edb54fdf344176cc7f39f23aa7f07d6d1445d02c5f2c78a2622254b62469
                                                                                                                                                                                                                                                                      • Instruction ID: 3651620bfc883033c23fecd5387c8b641d5bbaeff70881d248c94a8d95602f75
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eaf2edb54fdf344176cc7f39f23aa7f07d6d1445d02c5f2c78a2622254b62469
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D651E822A0DB8682EB10AB29EC54569A770FF94794F984135DB4C13AA4FF3CD991CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnvironmentExpandStrings
                                                                                                                                                                                                                                                                      • String ID: %TMP%$Unable to expand %TMP{} environment variable!
                                                                                                                                                                                                                                                                      • API String ID: 2871630417-2940734617
                                                                                                                                                                                                                                                                      • Opcode ID: 457ea91f944cae8393c674447593137c17638e59b6cdb02e683d964a588385d5
                                                                                                                                                                                                                                                                      • Instruction ID: 7eacd101b2cafe9c9934ad6ffe5126c370be25a747e13b2c8e6004e9f1d064dc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 457ea91f944cae8393c674447593137c17638e59b6cdb02e683d964a588385d5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E451932261CAC392EA30AB14E8643EDE360FB84780F908532D69D47A59FF7CD585CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorHandleLastModule
                                                                                                                                                                                                                                                                      • String ID: --product 5$GetModuleHandleW ({})$user32
                                                                                                                                                                                                                                                                      • API String ID: 4242514867-343301812
                                                                                                                                                                                                                                                                      • Opcode ID: 89a565054a88062d09c23707a37f0c71ddc8a0944d36c717d6066ef17c3306f1
                                                                                                                                                                                                                                                                      • Instruction ID: 60121397e05bd6de2b8a5811384de57b18f9927feebd2312dda7a6c373df4ea9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89a565054a88062d09c23707a37f0c71ddc8a0944d36c717d6066ef17c3306f1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D317522E1CA429AFB10EBA4EC545EDA370FB98308F905135DA4D52A99FF3CD545CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                      • String ID: '$0398$FA7D$Kernel dump unsuccessful, error code {}
                                                                                                                                                                                                                                                                      • API String ID: 3997070919-2761592548
                                                                                                                                                                                                                                                                      • Opcode ID: 5737af88782b9b99bbeae16efd8fff63c75528c5d106a112ce9c71a2d903a5a5
                                                                                                                                                                                                                                                                      • Instruction ID: 4979af50fc93c82e847c4c753f8f9a153064c29c05f6dbf4a71e2ec13058bd1f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5737af88782b9b99bbeae16efd8fff63c75528c5d106a112ce9c71a2d903a5a5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0216972A0CB8586E724DB19E840B69B7B0F7C9B80F548125EA8D43754EF3CD985CF61
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                      • Opcode ID: b7c443986637a9900248e6ea1d74bb032be693d86c156051936272d02b624c8b
                                                                                                                                                                                                                                                                      • Instruction ID: 06e323d8163c6427775af3b5aecfb04bbc0f8d51f205e30621d29b7c61195670
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7c443986637a9900248e6ea1d74bb032be693d86c156051936272d02b624c8b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E381C62290CA464DF637AB3CAC4027AE650EF45355F844231EA9E265A5FF3CE5C38E30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00007FF72DA21B7D), ref: 00007FF72DA28BFA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA31710: EnterCriticalSection.KERNEL32 ref: 00007FF72DA31756
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA31710: GetProcessHeap.KERNEL32 ref: 00007FF72DA31793
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA31710: HeapFree.KERNEL32 ref: 00007FF72DA3181D
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA31710: LeaveCriticalSection.KERNEL32 ref: 00007FF72DA3182F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterHeap$FreeLeaveProcess
                                                                                                                                                                                                                                                                      • String ID: asw::settings::SettingsConfig::ProductPluginLoadFn$asw::settings::SettingsConfig::ProductPluginUnloadFn$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni
                                                                                                                                                                                                                                                                      • API String ID: 459308956-613270485
                                                                                                                                                                                                                                                                      • Opcode ID: 07020ec120246c1d895aa2c292ac4b91b06c85e631405fa1bb1f63af8b011c68
                                                                                                                                                                                                                                                                      • Instruction ID: b66d078669fa332bea98622e0f6fdfa7ef28286dd51e479c0d8db84ff6dc8156
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07020ec120246c1d895aa2c292ac4b91b06c85e631405fa1bb1f63af8b011c68
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A518321A1DA4295EA14BF16EC448BAE371FF84784F840132E94E07665FF7CE9418B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 826178784-0
                                                                                                                                                                                                                                                                      • Opcode ID: 3a05b8d3083cfb7eef2069f5142eaedcb8ddc49f1f86be000f290b59942dcae2
                                                                                                                                                                                                                                                                      • Instruction ID: d2bd2ba857d3affc2f878b4ceb2638b23c0a302952878a35444dbfd6be394ea2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a05b8d3083cfb7eef2069f5142eaedcb8ddc49f1f86be000f290b59942dcae2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC417C22A1CAD298E700EB21DC601FCB7A4FB58B84BD44832DA5D53396EF38E505CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetModuleHandleW.KERNEL32 ref: 00007FF72DB8BFE2
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetClassInfoExW.USER32 ref: 00007FF72DB8BFF3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C001
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: Sleep.KERNEL32 ref: 00007FF72DB8C00E
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C027
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapAlloc.KERNEL32 ref: 00007FF72DB8C042
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: InitializeCriticalSection.KERNEL32 ref: 00007FF72DB8C064
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C06A
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C080
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: RegisterClassExW.USER32 ref: 00007FF72DB8C09F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C0CA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: DeleteCriticalSection.KERNEL32 ref: 00007FF72DB8C0E3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C0E9
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C105
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C116
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 00007FF72DB7B0E1
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00007FF72DB7B117
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32 ref: 00007FF72DB7B184
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DB7B196
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA2B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DA3A1E4,?,?,?,?,?,?,00000000), ref: 00007FF72DA2B03F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBF1908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72DBF192D
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: asw::log::context::TlsIndex
                                                                                                                                                                                                                                                                      • API String ID: 1441953332-143919551
                                                                                                                                                                                                                                                                      • Opcode ID: 91079f6c9c188147662e441c08fe47bb8ccfd759dec3a67fe1c0525f2baeb934
                                                                                                                                                                                                                                                                      • Instruction ID: 4570d8135212f9fab6721f47617ee6f96c5f4ce5150e37254ee88f16f03170d7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91079f6c9c188147662e441c08fe47bb8ccfd759dec3a67fe1c0525f2baeb934
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8331612261DB4186EA50EF56FC5416AF3A4FB99BC0F844435EA8E43729EF3CE4418B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF72DBF1DC3,?,?,00000000,00007FF72DBF205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF1FEA), ref: 00007FF72DC02D7F
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF72DBF1DC3,?,?,00000000,00007FF72DBF205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF1FEA), ref: 00007FF72DC02D9E
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF72DBF1DC3,?,?,00000000,00007FF72DBF205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF1FEA), ref: 00007FF72DC02DC6
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF72DBF1DC3,?,?,00000000,00007FF72DBF205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF1FEA), ref: 00007FF72DC02DD7
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF72DBF1DC3,?,?,00000000,00007FF72DBF205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF72DBF1FEA), ref: 00007FF72DC02DE8
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      • Opcode ID: de23be410bbc922878585b3315f1ce51613289556c79633167928f0c9bc366d3
                                                                                                                                                                                                                                                                      • Instruction ID: 78428e92970648fb47719034e15ec172f4fb492b1f7dcb927817a2aa2cea4810
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: de23be410bbc922878585b3315f1ce51613289556c79633167928f0c9bc366d3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72116011E0D64249F959732D6D4517AD141DF443B2FD88335E97D466CAFE3CA4C38A70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1177325624-0
                                                                                                                                                                                                                                                                      • Opcode ID: 05bca94fc9ecedc63a5a5d5e75427669ac9654afb3b2da4e1f50cb57b9493237
                                                                                                                                                                                                                                                                      • Instruction ID: 3e7eb268e0a611e3564e2ab366163b09a9d1e2b7099469a92013b867bba2833c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05bca94fc9ecedc63a5a5d5e75427669ac9654afb3b2da4e1f50cb57b9493237
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3117231A0C64286E760AB65FC5452AF2A4FBC47E4F905239EAAD03B94EF3CD4418F60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Volume$NameNamesPath$ErrorLast
                                                                                                                                                                                                                                                                      • String ID: Unable to retrieve volume paths for volume '{}'!
                                                                                                                                                                                                                                                                      • API String ID: 1243668693-190204307
                                                                                                                                                                                                                                                                      • Opcode ID: 2034f957ddcd8b5821fdb759ce654ccc302cce9956f6b95dac8c8b54438dfec7
                                                                                                                                                                                                                                                                      • Instruction ID: c400e153202dd1eb3a9f3c1812f21d8aa3b69323ec0e6831142ba16f8334df44
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2034f957ddcd8b5821fdb759ce654ccc302cce9956f6b95dac8c8b54438dfec7
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44718F22F08B459AE700DFB1D8506ED73B1EB54B8CF805526DE4C63A59EF38D195C7A0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: onexit_register_connector_avast_2${9C7565A2-47C2-4869-B388-8C7F9AD8E577}
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1060404012
                                                                                                                                                                                                                                                                      • Opcode ID: c405af325c663d717a762beb4ddf0e264667cbed0b8b5ae6cbfef37acff54daf
                                                                                                                                                                                                                                                                      • Instruction ID: a689ba74e74f4dcde04a3794f2aa303ff88007f2b3ff03e1abd2d6e48c5ea94f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c405af325c663d717a762beb4ddf0e264667cbed0b8b5ae6cbfef37acff54daf
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2618F32619B4186E750DF25EC90669B3A4FB84B90F94813ADA8E43760EF3CD485CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                      • API String ID: 2775327233-1405518554
                                                                                                                                                                                                                                                                      • Opcode ID: e7c9580214c5defe97585ba3431cdd07fb6fdad1ac3cf0e3351dead2b6e4a1e8
                                                                                                                                                                                                                                                                      • Instruction ID: e319c97a231124ea85e3c311625313c9d582c0cb2cd7639d8978dd698fb3478f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7c9580214c5defe97585ba3431cdd07fb6fdad1ac3cf0e3351dead2b6e4a1e8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F418B32B0EB4189EB50EF74D8A0AEC7375EF44788F884435EE4C23A55EE38D5629764
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: EnvironmentErrorLastVariable
                                                                                                                                                                                                                                                                      • String ID: -$Unable to retrieve environment variable '{}'!
                                                                                                                                                                                                                                                                      • API String ID: 3114522214-584169599
                                                                                                                                                                                                                                                                      • Opcode ID: 0b8e4ee58d460b74e70b659f00379c924120d05e0bca0429c9b89718fa81f8a4
                                                                                                                                                                                                                                                                      • Instruction ID: 9f495945d34e53fea1e81ab3e994ff296cccbba32089cf7972b68265451eb377
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b8e4ee58d460b74e70b659f00379c924120d05e0bca0429c9b89718fa81f8a4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7317232A1CB8581E750AB25E86436EB3A0FB88784F945135EA8D43758EF3CE5958F60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseDeleteErrorLastOpenValue__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: Cannot delete registry value
                                                                                                                                                                                                                                                                      • API String ID: 2801585419-4063604081
                                                                                                                                                                                                                                                                      • Opcode ID: b5f209f74ad6ea6bbc83218f4194a3bf1d39e152635c0cb6dcb7413264b03792
                                                                                                                                                                                                                                                                      • Instruction ID: 922db04de0cd69a6b856cd0f7598cc7e725132b7f04e059116342d9320edeeab
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5f209f74ad6ea6bbc83218f4194a3bf1d39e152635c0cb6dcb7413264b03792
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C21C832A0CB8082F7119B69E815369B3A5FF84784F509134EA8C43615EF3CE595CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBDCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,000002D55D476B10,00007FF72DA28681), ref: 00007FF72DBDCE00
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E76
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF72DA2327D), ref: 00007FF72DAC6E8B
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AcquireAddressExclusiveHandleLockModuleProc
                                                                                                                                                                                                                                                                      • String ID: Kernel32.dll$QueryUnbiasedInterruptTime
                                                                                                                                                                                                                                                                      • API String ID: 956071019-196062801
                                                                                                                                                                                                                                                                      • Opcode ID: eb059e61b2bc2bbd1608e6bbba92f222166dc37c2d3b7503d4bc1fbde52abc57
                                                                                                                                                                                                                                                                      • Instruction ID: 54ba9b669f50fdafbecfacf76e8d2d460cc435770dbe1c9ad1e33c0e9223f0af
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb059e61b2bc2bbd1608e6bbba92f222166dc37c2d3b7503d4bc1fbde52abc57
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1211B21A0DE4692EF10EB19EC64675B360EF88BA4F844036D94E463A5FE3CE4458F30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileHeader
                                                                                                                                                                                                                                                                      • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                                                                                      • API String ID: 104395404-1147069514
                                                                                                                                                                                                                                                                      • Opcode ID: 79bd369efcde9b589b6606b498f8a207d59fca0eacc0e166345d7e54829c20c2
                                                                                                                                                                                                                                                                      • Instruction ID: 3b06d5d17373db9699758b838ee4c88d8e8d3280cc67262b08dc0d4ebc96ffd5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79bd369efcde9b589b6606b498f8a207d59fca0eacc0e166345d7e54829c20c2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9111C62A4DA8691EE10BB14EC651BCA320FF88748FC49532D14D466B9FE6CD646CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: GetThreadDescription$Kernel32.dll
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-415897907
                                                                                                                                                                                                                                                                      • Opcode ID: 94cdc5890585aa8baaea62c159fda408bfcb0cb6a30c91faeaf48d3c99391d8f
                                                                                                                                                                                                                                                                      • Instruction ID: 5c4e3b721e97a24ff5f46c9c196bc6ec9dd4d76b0c26e8cb3a773bb899cce902
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94cdc5890585aa8baaea62c159fda408bfcb0cb6a30c91faeaf48d3c99391d8f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9E0B624E4EA02D9EA04BB59BC95568A2A0FB98744FC00439C40D05320FF2CA1A78F34
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: Kernel32.dll$SetThreadDescription
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1724334159
                                                                                                                                                                                                                                                                      • Opcode ID: acde162fa1650809f76d8ca1c968404e41490623bfd928ccd4f913779c58eee0
                                                                                                                                                                                                                                                                      • Instruction ID: 0270c9f02c224be6b1dcdbf33ac21b9b8cbd0c39fb3f88e714dd1df00502ba6e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acde162fa1650809f76d8ca1c968404e41490623bfd928ccd4f913779c58eee0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0E0EC24F5EA03D5EA04BB5AEC95574A2A0FB98744FD04439C40D01320FE3CA2E78FB0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                      • Opcode ID: 9b2d8a89bf8050a57fdf8dfc980f09e5ca4a0676aeac1c7b6e4e6e761ebe8ed8
                                                                                                                                                                                                                                                                      • Instruction ID: 9e0313da92d5f605c8811ed49b0b415e8231d9090a19106d778c413f90230ec0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b2d8a89bf8050a57fdf8dfc980f09e5ca4a0676aeac1c7b6e4e6e761ebe8ed8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14D09E2490DA0299D504BB55EC55074A261FF88754FC04135C40D01224FF3C51D7CB74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                      • Opcode ID: f6e1e80a15bc416bec96dca1f00314f51f03fa54a48f4279d9a3d9b72d26b816
                                                                                                                                                                                                                                                                      • Instruction ID: 8e83f38a4b76b6c0e3c0a0b0cec4c437f045cbfe9f867527bc6d64f7d34a6679
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6e1e80a15bc416bec96dca1f00314f51f03fa54a48f4279d9a3d9b72d26b816
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1D09224A0EA0299E614BB59EC950B4A2A1FF88B54FC0443AC40D42224BE2CA2DB8B74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                      • String ID: to_wide<char> invalid arguments$to_wide<char>::MultiByteToWideChar
                                                                                                                                                                                                                                                                      • API String ID: 626452242-363086301
                                                                                                                                                                                                                                                                      • Opcode ID: c1d3aff068a6961f82c483406bb8a6da90c8ed2e1e2c5aa681ee8eb1366b77b7
                                                                                                                                                                                                                                                                      • Instruction ID: f8b928ce8ade4408263477f327756477f8b04d4183f5639996d13dc040cf3b48
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1d3aff068a6961f82c483406bb8a6da90c8ed2e1e2c5aa681ee8eb1366b77b7
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42510431A1CB8682EB10AF16EC44979A3A0FF94784F945135EA5E43694FF3CE985CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF72DBDBDA5,?,?,?,?,?,00007FF72DA8E439), ref: 00007FF72DBDBE1F
                                                                                                                                                                                                                                                                      • SleepConditionVariableSRW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF72DBDBDA5,?,?,?,?,?,00007FF72DA8E439), ref: 00007FF72DBDBE72
                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF72DBDBEB3
                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF72DBDBDA5,?,?,?,?,?,00007FF72DA8E439), ref: 00007FF72DBDBF05
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3114648011-0
                                                                                                                                                                                                                                                                      • Opcode ID: 680c0b1c09a4b617edf37afe2d479c7f3caf95b752d914f4a7d15c6999fc97ee
                                                                                                                                                                                                                                                                      • Instruction ID: ba9ae8fd856ca2942fade16df6097b6986910e84f656ff24d30c800c38e2b71c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 680c0b1c09a4b617edf37afe2d479c7f3caf95b752d914f4a7d15c6999fc97ee
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13413B32B08B058AEB04DF66EC505ACB7B4F748B88B944936DE5D53B68DF38C591C7A0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D0D1
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D0EA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB7D090: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF72DA273C1,?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DB7D147
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA273E0
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DA27421
                                                                                                                                                                                                                                                                      • CreateEventW.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF72DA2E455), ref: 00007FF72DA27455
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DA2746F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$Leave$CloseCreateDeleteEnterEventHandleInitialize
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3435541109-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5ba827d002b9f6da1c4946d91291990f0b24e563d7adaa121e7c68cf81c18284
                                                                                                                                                                                                                                                                      • Instruction ID: d10b44430389ec33d810b5976715edcc5a146691d7f6b6ab83aa0c20d9192ebe
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ba827d002b9f6da1c4946d91291990f0b24e563d7adaa121e7c68cf81c18284
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E31C63290CB4186E711AF25E854769F760FB88784F944531DA8D07A54FF3CE5D1CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$AllocCriticalFreeLeaveProcessSection_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: asw::settings::SettingsConfig::Lock
                                                                                                                                                                                                                                                                      • API String ID: 1860411460-4244600543
                                                                                                                                                                                                                                                                      • Opcode ID: 3c7a48d358f7a41c107bb5bbb714ad4a8032d4a0ea0e2fefe5915047888b21c4
                                                                                                                                                                                                                                                                      • Instruction ID: 8bcd97bc54b18df7050d7c05b59eb00e105cdf008920f9737cd85ca6f1a0b6b1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c7a48d358f7a41c107bb5bbb714ad4a8032d4a0ea0e2fefe5915047888b21c4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A11C622B0DB0185DA90EB56EC50869E3B1FF49BC0B844436DE4E03729FE3CE8428B30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2793162063-0
                                                                                                                                                                                                                                                                      • Opcode ID: 417a5b176190f60aabbdcc769c1bc6715d1dad0802b8e3f553ac983e448c0ac1
                                                                                                                                                                                                                                                                      • Instruction ID: f07fcf8a447adb2e6459095b14f02e4b0dd05471d1b069875112351e24f6221c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 417a5b176190f60aabbdcc769c1bc6715d1dad0802b8e3f553ac983e448c0ac1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7115C3251968186E730DF25E8446ABB3A0FBC8785F408239EA9D47758FB3CD646CF60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2960854011-0
                                                                                                                                                                                                                                                                      • Opcode ID: f5deb5b3d007c3dcda36236a6ae67d4bf0e77b36215228cb2a370134a88f1ba0
                                                                                                                                                                                                                                                                      • Instruction ID: ff0d8960a0d8bae62fc42b8e7aef68b1c4f443b341790e242cd81af1eca7aa3d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5deb5b3d007c3dcda36236a6ae67d4bf0e77b36215228cb2a370134a88f1ba0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8411D632A2CB8081E700EF14E8514ACB7A4FB98BC4F955135FA8D42755EF38D9D5CB60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: File$Attributes$DeleteSleep
• String ID:
• API String ID: 3341637309-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF72DA43B5B
  • Part of subcall function 00007FF72DBD99A0: MultiByteToWideChar.KERNEL32 ref: 00007FF72DBD99BC
  • Part of subcall function 00007FF72DBD99A0: GetLastError.KERNEL32 ref: 00007FF72DBD99CA
Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
• String ID: \u{$\x{
• API String ID: 1033888727-3325273574
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
Similarity
• API ID:
• String ID: gfffffff$gfffffff
• API String ID: 0-161084747
                                                                                                                                                                                                                                                                      • Opcode ID: d8eb0798d3d34641cd08caa47951a1e5da38aef32fa5fdbce206f3fd9abc9fc1
                                                                                                                                                                                                                                                                      • Instruction ID: 41e171d19970236141a57f55a379cf41e3d4a3f5778f75f80b9f3a0140aafebd
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8eb0798d3d34641cd08caa47951a1e5da38aef32fa5fdbce206f3fd9abc9fc1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA71E1B2708B8982DA14DB17F85446DB7A5F758BC0F50822AEE9C87B94EF3CE590C711
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                      • String ID: {}\{}{:016x}.{}
                                                                                                                                                                                                                                                                      • API String ID: 3188754299-3450286142
                                                                                                                                                                                                                                                                      • Opcode ID: de8a899979aa8f4f515d188417843ac1c5bcac90874175aed9c360a84c988a9c
                                                                                                                                                                                                                                                                      • Instruction ID: 21018eab4f3351db79fa298f2b8c1e53c4bc542ab92ad330152fe74ab4a5d932
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: de8a899979aa8f4f515d188417843ac1c5bcac90874175aed9c360a84c988a9c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA515837A08B458AF7509F29E8403ACB3B1FB48758F404635DE8C6BA98EF38D595C790
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileFindHeaderInstanceTargetType
                                                                                                                                                                                                                                                                      • String ID: Bad dynamic_cast!
                                                                                                                                                                                                                                                                      • API String ID: 746355257-2956939130
                                                                                                                                                                                                                                                                      • Opcode ID: 0b1c4c63bc5d65e6d1dc6229b1f424cc18444af0b7650428ac4c90b22d9ed6fd
                                                                                                                                                                                                                                                                      • Instruction ID: 2d345310b2c63a82fc132d6c41d72b7cfa90ab4d87fe6ef7f335eb212ef6c068
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b1c4c63bc5d65e6d1dc6229b1f424cc18444af0b7650428ac4c90b22d9ed6fd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C31962271CAC582DA60DB51E8646BDA390FB48B84F408536DE4D43B94EE3CD141CB30
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: void$void
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-3746155364
                                                                                                                                                                                                                                                                      • Opcode ID: e8fc192b398484932b5e0ed127c3e3a464183f314aa5b9aa0e55174d96ae8fb6
                                                                                                                                                                                                                                                                      • Instruction ID: fb0176b703dd66f295db60d11af0ab7959ef4ca1612c8752e338a9a285c8b9f9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8fc192b398484932b5e0ed127c3e3a464183f314aa5b9aa0e55174d96ae8fb6
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23312762E1CA9598FB01ABA4DC510ACB7B0FB48748BC44536DA8E53B59EF389144CB70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _set_errno_from_matherr
                                                                                                                                                                                                                                                                      • String ID: exp
                                                                                                                                                                                                                                                                      • API String ID: 1187470696-113136155
                                                                                                                                                                                                                                                                      • Opcode ID: 4fd1aad0ecfb6963d7853382f1f01b2d466affbca79990e3a5012c45563882a0
                                                                                                                                                                                                                                                                      • Instruction ID: a66bc89aa70c8995972f305464d9abd6e0c2903dd849c51fbea130da3ac2a6e3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fd1aad0ecfb6963d7853382f1f01b2d466affbca79990e3a5012c45563882a0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6212B36E18A158EE750EF78C8406AC73B0FB48348F901635EA4D96B49EF38D4828F60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: asw_process_storage_deallocate_connector
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-2412585098
                                                                                                                                                                                                                                                                      • Opcode ID: 29947da8d03d5a461595dc2a3053de8999c99c2b121d1649a36fc2b2b3381ed1
                                                                                                                                                                                                                                                                      • Instruction ID: cc099e92c86b6259ceb47e3b6711dbf6ea09d0765757f5fa1fcccc44508b1dd3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29947da8d03d5a461595dc2a3053de8999c99c2b121d1649a36fc2b2b3381ed1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14D01234E0EA4295E6187B69FC56074B2A0EF48744FD0443EC40E01324FE3C91D78B74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: asw_process_storage_deallocate_connector
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-2412585098
                                                                                                                                                                                                                                                                      • Opcode ID: 139bba5928663c7ecc2ba44d93a1eb750a518b60e079ee08078ab99766759ee3
                                                                                                                                                                                                                                                                      • Instruction ID: 4fbc6a79f0e4dddc020f53a7d7026cfde6a150d71ac38bd0dbd2a4cac981ca2a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 139bba5928663c7ecc2ba44d93a1eb750a518b60e079ee08078ab99766759ee3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01D0C924A0EA4295E6187B65AC56074A2A0EF48744FC0443AC40E01324FF2C91D78B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: asw_process_storage_allocate_connector
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1936732423
                                                                                                                                                                                                                                                                      • Opcode ID: 7686f38223194399b91e5b6c15935f97f82fcbd5d4e262ef9654291e43ee805b
                                                                                                                                                                                                                                                                      • Instruction ID: 5637831433e028865c8d52d4f74526bdf288df3e636578bb9c4f8cfc9c7cbb51
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7686f38223194399b91e5b6c15935f97f82fcbd5d4e262ef9654291e43ee805b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BD0C924A1EA4295D6187765AC55074A2A0FF48744FD0443AC80E01324FE2C91978B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                      • String ID: asw_process_storage_allocate_connector
                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1936732423
                                                                                                                                                                                                                                                                      • Opcode ID: 8f45831adc5013ca76878f912c325aa15f94b34b72582f54288b86e352c08de9
                                                                                                                                                                                                                                                                      • Instruction ID: b9b6a4e1064f56b79365de500630c3d4d3b3b3bf3cd18ec71097880b9458cabd
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f45831adc5013ca76878f912c325aa15f94b34b72582f54288b86e352c08de9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6D01224E1EA4295E6187769FC55074B2A0FF48744FD0443EC90E01324FE3C91D78B74
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetModuleHandleW.KERNEL32 ref: 00007FF72DB8BFE2
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetClassInfoExW.USER32 ref: 00007FF72DB8BFF3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C001
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: Sleep.KERNEL32 ref: 00007FF72DB8C00E
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C027
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapAlloc.KERNEL32 ref: 00007FF72DB8C042
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: InitializeCriticalSection.KERNEL32 ref: 00007FF72DB8C064
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C06A
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C080
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: RegisterClassExW.USER32 ref: 00007FF72DB8C09F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C0CA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: DeleteCriticalSection.KERNEL32 ref: 00007FF72DB8C0E3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C0E9
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C105
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C116
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 00007FF72DA31756
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00007FF72DA31793
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32 ref: 00007FF72DA3181D
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DA3182F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA2B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DA3A1E4,?,?,?,?,?,?,00000000), ref: 00007FF72DA2B03F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBF1908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72DBF192D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                      • Opcode ID: 3603b45df625fc18cc257f64d94fe1af63af281d1f6f8cf00df84c35f9a2e23b
                                                                                                                                                                                                                                                                      • Instruction ID: c3889624078639b6a5f432553fb5dfc5a3baee1a50c9004e7e8aee420a6f04b7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3603b45df625fc18cc257f64d94fe1af63af281d1f6f8cf00df84c35f9a2e23b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5831C222A0DB4185EA40EB56FC14969F3A5FF99BC0F958035EE8D03715EF7CE8818B60
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                      • Opcode ID: 41d7727ed5491970595107137a0519f0fed7780542c45102f736fbe3010ef021
                                                                                                                                                                                                                                                                      • Instruction ID: 168305d4323935c6dd207c1ffa46f3b0507c55c7f856b75d89dd530472662261
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41d7727ed5491970595107137a0519f0fed7780542c45102f736fbe3010ef021
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D411232B0CA419AEB00EFA1D8559EC6371EB54348FC10436EA0E6765AFF38D955C770
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetModuleHandleW.KERNEL32 ref: 00007FF72DB8BFE2
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetClassInfoExW.USER32 ref: 00007FF72DB8BFF3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C001
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: Sleep.KERNEL32 ref: 00007FF72DB8C00E
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C027
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapAlloc.KERNEL32 ref: 00007FF72DB8C042
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: InitializeCriticalSection.KERNEL32 ref: 00007FF72DB8C064
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C06A
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C080
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: RegisterClassExW.USER32 ref: 00007FF72DB8C09F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C0CA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: DeleteCriticalSection.KERNEL32 ref: 00007FF72DB8C0E3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetProcessHeap.KERNEL32 ref: 00007FF72DB8C0E9
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: HeapFree.KERNEL32 ref: 00007FF72DB8C105
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DB8BF70: GetLastError.KERNEL32 ref: 00007FF72DB8C116
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 00007FF72DA31623
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00007FF72DA31655
                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32 ref: 00007FF72DA316C2
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF72DA316D4
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DA2B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF72DA3A1E4,?,?,?,?,?,?,00000000), ref: 00007FF72DA2B03F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF72DBF1908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72DBF192D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.3223559876.00007FF72DA21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF72DA20000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff72da20000_Instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4affbfd2ea972e4569d3eabf6e0fa1c8bf18e4b70590a6aed85c7e18a40c75c7
                                                                                                                                                                                                                                                                      • Instruction ID: 1d6cb439a316d368f94689fc500e4105298d309405138b8ba9165a78fcb60dca
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4affbfd2ea972e4569d3eabf6e0fa1c8bf18e4b70590a6aed85c7e18a40c75c7
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D31AF21A0DB4585EA50EF56EC14969F3A5FF88BC0B984035DE9E43725EF7CE8418B70
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:5%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                      Signature Coverage:0.1%
                                                                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:102
75861->75911 75862 7ff6ae74fbb7 75866 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 75862->75866 75863->75856 75867 7ff6ae74faf3 WriteFile 75863->75867 75864->75863 75869 7ff6ae74fbc8 75866->75869 75871 7ff6ae74fb39 GetLastError 75867->75871 75872 7ff6ae74fb14 CloseHandle 75867->75872 75868 7ff6ae74f77f 75868->75785 75868->75823 75870 7ff6ae74fbf2 75869->75870 75945 7ff6ae74fda0 GetFileAttributesW SetFileAttributesW DeleteFileW Sleep 75869->75945 75874 7ff6ae75d7e0 42 API calls 75871->75874 75875 7ff6ae7acd10 DName::DName 8 API calls 75872->75875 75877 7ff6ae74fb53 75874->75877 75876 7ff6ae74fb2d 75875->75876 75878 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 75877->75878 75879 7ff6ae74fb64 75878->75879 75879->75836 75880->75783 75882 7ff6ae7429af 75881->75882 75883 7ff6ae7429f4 75881->75883 75884 7ff6ae7acdf0 3 API calls 75882->75884 75946 7ff6ae6224e0 75883->75946 75886 7ff6ae7429bb 75884->75886 75886->75883 75888 7ff6ae7429c4 GetModuleHandleW GetProcAddress 75886->75888 75951 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 75888->75951 75889 7ff6ae742a6d 75891 7ff6ae7acd10 DName::DName 8 API calls 75889->75891 75890 7ff6ae742a02 75893 7ff6ae742a13 GetCurrentProcess 75890->75893 75894 7ff6ae742a43 75890->75894 75895 7ff6ae742a7c 75891->75895 75893->75894 75896 7ff6ae7acd10 DName::DName 8 API calls 75894->75896 75895->75790 75897 7ff6ae742a64 75896->75897 75897->75790 75898->75821 75902 7ff6ae74eec0 75899->75902 75903 7ff6ae5fc510 44 API calls 75902->75903 75904 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 75902->75904 75905 7ff6ae74efaf 75902->75905 75906 7ff6ae74ef7c GetFileAttributesW 75902->75906 75908 7ff6ae74ef79 75902->75908 75954 7ff6ae75a720 EnterCriticalSection 75902->75954 75965 7ff6ae609d40 44 API calls 2 library calls 75902->75965 75903->75902 75904->75902 75905->75812 75905->75834 75906->75908 75907 7ff6ae74ef9c GetFileAttributesW 75907->75905 75907->75908 75908->75902 75908->75905 
75908->75906 75908->75907 75909->75791 75911->75868 75912->75829 75913->75802 75914->75838 75991 7ff6ae605cd0 75915->75991 75918->75848 75920 7ff6ae74e2c6 75919->75920 75921 7ff6ae74e2c9 CreateDirectoryW 75919->75921 75920->75921 75922 7ff6ae74e437 75921->75922 75923 7ff6ae74e2de GetLastError 75921->75923 75922->75854 75924 7ff6ae74e2eb GetFileAttributesW 75923->75924 75925 7ff6ae74e325 75923->75925 75928 7ff6ae74e30b SetLastError 75924->75928 75929 7ff6ae74e303 75924->75929 75927 7ff6ae74e316 75925->75927 75931 7ff6ae74e3d4 75925->75931 75932 7ff6ae74e39f 75925->75932 76002 7ff6ae60c4d0 8 API calls 2 library calls 75925->76002 75927->75854 75928->75927 75929->75922 75929->75928 75933 7ff6ae74e3ed 75931->75933 75934 7ff6ae74e3f0 CreateDirectoryW 75931->75934 75932->75925 75935 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 75932->75935 75933->75934 75934->75922 75936 7ff6ae74e3fc GetLastError 75934->75936 75939 7ff6ae74e3ac CreateDirectoryW 75935->75939 75937 7ff6ae74e40b 75936->75937 75938 7ff6ae74e40e GetFileAttributesW 75936->75938 75937->75938 75940 7ff6ae74e41c 75938->75940 75941 7ff6ae74e420 SetLastError 75938->75941 75942 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 75939->75942 75940->75922 75940->75941 75941->75854 75942->75932 75943->75847 75944->75862 75945->75870 75952 7ff6ae7fe6e0 75946->75952 75948 7ff6ae622539 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 75949 7ff6ae7acd10 DName::DName 8 API calls 75948->75949 75950 7ff6ae6225ac 75949->75950 75950->75889 75950->75890 75953 7ff6ae7fe6d0 75952->75953 75953->75948 75953->75953 75955 7ff6ae75a774 75954->75955 75961 7ff6ae75a7b4 75954->75961 75956 7ff6ae7acdf0 3 API calls 75955->75956 75957 7ff6ae75a780 75956->75957 75957->75961 75966 7ff6ae758920 75957->75966 75962 7ff6ae75ab49 LeaveCriticalSection 75961->75962 75963 7ff6ae7acd10 DName::DName 8 API calls 75962->75963 75964 7ff6ae75acc7 75963->75964 75964->75902 75965->75902 75990 7ff6ae75b190 75966->75990 75968 
7ff6ae75895a GetSystemTimeAsFileTime 75969 7ff6ae75899c 75968->75969 75970 7ff6ae758bc4 GetCurrentProcessId 75969->75970 75971 7ff6ae758c01 75970->75971 75972 7ff6ae758cfe GetCurrentThreadId 75971->75972 75974 7ff6ae758d3b 75972->75974 75973 7ff6ae758e38 GlobalMemoryStatusEx 75975 7ff6ae759360 GetDiskFreeSpaceExW 75973->75975 75986 7ff6ae758e7e 75973->75986 75974->75973 75976 7ff6ae7595d2 GetSystemTimes 75975->75976 75978 7ff6ae75937a 75975->75978 75977 7ff6ae759d68 QueryPerformanceCounter 75976->75977 75988 7ff6ae7595f5 75976->75988 75980 7ff6ae759d7d 75977->75980 75978->75976 75979 7ff6ae75a25d CryptAcquireContextW 75981 7ff6ae75a289 CryptGenRandom 75979->75981 75983 7ff6ae75a525 75979->75983 75980->75979 75982 7ff6ae75a516 CryptReleaseContext 75981->75982 75987 7ff6ae75a2b1 75981->75987 75982->75983 75984 7ff6ae7acd10 DName::DName 8 API calls 75983->75984 75985 7ff6ae75a709 75984->75985 75989 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 75985->75989 75986->75975 75987->75982 75988->75977 75990->75968 75992 7ff6ae7aec50 __std_exception_copy 42 API calls 75991->75992 75993 7ff6ae605d3c 75992->75993 75994 7ff6ae605d5d 75993->75994 75995 7ff6ae7aece0 __std_exception_destroy 13 API calls 75993->75995 75996 7ff6ae7aece0 __std_exception_destroy 13 API calls 75994->75996 75997 7ff6ae605d4f 75995->75997 75998 7ff6ae605d6c 75996->75998 75999 7ff6ae7aec50 __std_exception_copy 42 API calls 75997->75999 76000 7ff6ae7acd10 DName::DName 8 API calls 75998->76000 75999->75994 76001 7ff6ae605d7c 76000->76001 76001->75799 76002->75925 76007 7ffbaa686a70 76019 7ffbaa686720 76007->76019 76009 7ffbaa686ab3 76010 7ffbaa686b1e KillTimer 76009->76010 76011 7ffbaa686abc EnterCriticalSection 76009->76011 76015 7ffbaa686b2b 76010->76015 76012 7ffbaa686b02 76011->76012 76013 7ffbaa686ae3 76011->76013 76018 7ffbaa686b13 LeaveCriticalSection 76012->76018 76017 7ffbaa686af4 KillTimer 76013->76017 76013->76018 76014 7ffbaa903b80 _log10_special 8 API 
calls 76016 7ffbaa686b5a 76014->76016 76015->76014 76017->76018 76018->76015 76025 7ffbaa6866a0 76019->76025 76026 7ffbaa68670f EnterCriticalSection 76025->76026 76027 7ffbaa6866c9 76025->76027 76034 7ffbaa6865b0 76026->76034 76042 7ffbaa903ff4 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 76027->76042 76035 7ffbaa686692 LeaveCriticalSection 76034->76035 76036 7ffbaa6865dd 76034->76036 76035->76009 76043 7ffbaa903ff4 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 76036->76043 76044 7ffbaa686e70 76045 7ffbaa686e7c EnterCriticalSection 76044->76045 76046 7ffbaa686e85 76044->76046 76045->76046 76047 7ffbaa686ea8 76046->76047 76048 7ffbaa688a20 76046->76048 76050 7ffbaa687ee7 76047->76050 76058 7ffbaa68e790 GetDlgCtrlID 76047->76058 76048->76050 76053 7ffbaa688a5d SetFocus 76048->76053 76051 7ffbaa6885a5 LeaveCriticalSection 76050->76051 76052 7ffbaa6885af 76050->76052 76051->76052 76056 7ffbaa903b80 _log10_special 8 API calls 76052->76056 76054 7ffbaa688a7b 76053->76054 76067 7ffbaa72a270 8 API calls _log10_special 76054->76067 76057 7ffbaa6885e3 76056->76057 76059 7ffbaa68e819 GetParent SendMessageA 76058->76059 76060 7ffbaa68e7fd 76058->76060 76059->76060 76061 7ffbaa68e862 76060->76061 76068 7ffbaa68ef00 GetAsyncKeyState GetAsyncKeyState GetAsyncKeyState 76060->76068 76063 7ffbaa903b80 _log10_special 8 API calls 76061->76063 76065 7ffbaa68e87f 76063->76065 76064 7ffbaa68e850 76069 7ffbaa729610 76064->76069 76065->76050 76067->76050 76068->76064 76074 7ffbaa729661 76069->76074 76075 7ffbaa729668 76069->76075 76070 7ffbaa903b80 _log10_special 8 API calls 76071 7ffbaa72984a 76070->76071 76071->76061 76072 7ffbaa7297c0 76072->76074 76077 7ffbaa729940 10 API calls _log10_special 76072->76077 76074->76070 76075->76072 76078 7ffbaa697c80 8 API calls _log10_special 76075->76078 76077->76074 76078->76072 76079 7ff6ae5f9a81 76080 7ff6ae5f9a8b 76079->76080 76081 7ff6ae5f9b0f GetSystemTimeAsFileTime FileTimeToSystemTime 
76080->76081 76082 7ff6ae5f9ae7 GetProcessHeap HeapSetInformation 76080->76082 76253 7ff6ae5fd3e0 76081->76253 76082->76081 76085 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76086 7ff6ae5f9baa GetCommandLineW 76085->76086 76087 7ff6ae5f9bc2 76086->76087 76087->76087 76088 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76087->76088 76089 7ff6ae5f9bd8 76088->76089 76090 7ff6ae5fd3e0 101 API calls 76089->76090 76091 7ff6ae5f9bf2 76090->76091 76092 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76091->76092 76093 7ff6ae5f9bfb 76092->76093 76094 7ff6ae5fc6b0 44 API calls 76093->76094 76095 7ff6ae5f9c0f 76094->76095 76096 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76095->76096 76097 7ff6ae5f9c46 76096->76097 76288 7ff6ae5fe6f0 76097->76288 76100 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76101 7ff6ae5f9c9f 76100->76101 76102 7ff6ae5f9e2e 76101->76102 76103 7ff6ae5f9ca8 76101->76103 76104 7ff6ae5fe0f0 44 API calls 76102->76104 76106 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76103->76106 76105 7ff6ae5f9e2c 76104->76105 76108 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76105->76108 76107 7ff6ae5f9cd6 76106->76107 76110 7ff6ae5fe6f0 100 API calls 76107->76110 76109 7ff6ae5f9e75 76108->76109 76112 7ff6ae5fe6f0 100 API calls 76109->76112 76111 7ff6ae5f9d1d 76110->76111 76113 7ff6ae5f9d82 76111->76113 76116 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76111->76116 76115 7ff6ae5f9ec3 76112->76115 76114 7ff6ae5fc6b0 44 API calls 76113->76114 76117 7ff6ae5f9d91 76114->76117 76118 7ff6ae5f79d0 77 API calls 76115->76118 76119 7ff6ae5f9d68 76116->76119 76121 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76117->76121 76122 7ff6ae5f9efc 76118->76122 76368 7ff6ae5fe5b0 100 API calls 2 library calls 76119->76368 76124 7ff6ae5f9d9a 76121->76124 76123 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76122->76123 76125 7ff6ae5f9f6e 76123->76125 76127 7ff6ae5fe0f0 44 API calls 76124->76127 76126 7ff6ae5f79d0 77 API calls 76125->76126 76130 7ff6ae5f9f84 
76126->76130 76128 7ff6ae5f9e20 76127->76128 76129 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76128->76129 76129->76105 76131 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76130->76131 76132 7ff6ae5f9ff1 76131->76132 76295 7ff6ae601ed0 76132->76295 76135 7ff6ae5f79d0 77 API calls 76136 7ff6ae5fa088 76135->76136 76137 7ff6ae5fa119 EnterCriticalSection 76136->76137 76300 7ff6ae6015e0 76137->76300 76139 7ff6ae5fa159 76140 7ff6ae6015e0 66 API calls 76139->76140 76145 7ff6ae5fa165 76140->76145 76142 7ff6ae5fa189 LeaveCriticalSection 76144 7ff6ae5fa1b0 76142->76144 76143 7ff6ae5fdf10 44 API calls 76143->76139 76144->76144 76147 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76144->76147 76145->76142 76146 7ff6ae5fdf10 44 API calls 76145->76146 76146->76142 76148 7ff6ae5fa1c6 76147->76148 76149 7ff6ae5fe6f0 100 API calls 76148->76149 76150 7ff6ae5fa213 76149->76150 76151 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76150->76151 76152 7ff6ae5fa21f 76151->76152 76153 7ff6ae5fa35f 76152->76153 76154 7ff6ae5fa228 76152->76154 76317 7ff6ae74fe40 76153->76317 76157 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76154->76157 76159 7ff6ae5fa257 76157->76159 76163 7ff6ae5fe6f0 100 API calls 76159->76163 76160 7ff6ae5fa3b9 76161 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76160->76161 76162 7ff6ae5fa3c5 76161->76162 76371 7ff6ae74e450 99 API calls 3 library calls 76162->76371 76164 7ff6ae5fa29d 76163->76164 76167 7ff6ae5fa302 76164->76167 76170 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76164->76170 76168 7ff6ae5fa32b 76167->76168 76174 7ff6ae5fdf10 44 API calls 76167->76174 76172 7ff6ae5fdf10 44 API calls 76168->76172 76169 7ff6ae5fa475 GetFileAttributesW 76171 7ff6ae5fa497 76169->76171 76173 7ff6ae5fa2e8 76170->76173 76177 7ff6ae5fa59b 76171->76177 76372 7ff6ae74e120 45 API calls std::_Throw_Cpp_error 76171->76372 76175 7ff6ae5fa355 76172->76175 76369 7ff6ae5fe5b0 100 API calls 2 library calls 76173->76369 76174->76168 76180 7ff6ae5fde60 std::_Throw_Cpp_error 
44 API calls 76175->76180 76178 7ff6ae5fdf10 44 API calls 76177->76178 76187 7ff6ae5fa5c5 76178->76187 76181 7ff6ae5fa60b 76180->76181 76345 7ff6ae5f8bd0 EnterCriticalSection 76181->76345 76183 7ff6ae5fa54b 76184 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76183->76184 76184->76177 76186 7ff6ae5fa5f3 76189 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76186->76189 76187->76186 76194 7ff6ae5fdf10 44 API calls 76187->76194 76188 7ff6ae5fa4f7 76188->76183 76190 7ff6ae5faaf2 76188->76190 76195 7ff6ae5fa5ff 76189->76195 76191 7ff6ae7c2130 _invalid_parameter_noinfo_noreturn 40 API calls 76190->76191 76196 7ff6ae5faaf7 76191->76196 76194->76186 76195->76175 76373 7ff6ae5fdb20 76196->76373 76200 7ff6ae5fab18 76380 7ff6ae5fd8d0 44 API calls 2 library calls 76200->76380 76207 7ff6ae5fab21 76254 7ff6ae5fd42a 76253->76254 76260 7ff6ae5fd432 76253->76260 76255 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76254->76255 76255->76260 76256 7ff6ae5fde60 44 API calls std::_Throw_Cpp_error 76256->76260 76257 7ff6ae5fd45d 76258 7ff6ae5fd483 76257->76258 76261 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76257->76261 76381 7ff6ae5fe890 76258->76381 76260->76256 76260->76257 76261->76257 76263 7ff6ae5fd87f 76265 7ff6ae5fdb20 44 API calls 76263->76265 76267 7ff6ae5fd888 76265->76267 76269 7ff6ae7acd10 DName::DName 8 API calls 76267->76269 76271 7ff6ae5f9b9e 76269->76271 76271->76085 76289 7ff6ae5f9c93 76288->76289 76293 7ff6ae5fe71f 76288->76293 76289->76100 76290 7ff6ae7acdf0 3 API calls 76290->76293 76293->76289 76293->76290 76389 7ff6ae7aad50 52 API calls 76293->76389 76390 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 76293->76390 76391 7ff6ae600cd0 100 API calls 76293->76391 76296 7ff6ae5f79d0 77 API calls 76295->76296 76298 7ff6ae601f0a 76296->76298 76297 7ff6ae7acd10 DName::DName 8 API calls 76299 7ff6ae5fa036 76297->76299 76298->76297 76299->76135 76392 7ff6ae75bf70 76300->76392 76303 7ff6ae60163f 76428 7ff6ae602bd0 76303->76428 
76305 7ff6ae60164a GetProcessHeap 76306 7ff6ae6016a1 76305->76306 76307 7ff6ae60167a 76305->76307 76310 7ff6ae6016d1 LeaveCriticalSection 76306->76310 76312 7ff6ae6016c2 HeapFree 76306->76312 76316 7ff6ae6016ca 76306->76316 76440 7ff6ae5fb010 45 API calls 3 library calls 76307->76440 76309 7ff6ae601687 76441 7ff6ae7c1908 40 API calls 2 library calls 76309->76441 76313 7ff6ae7acd10 DName::DName 8 API calls 76310->76313 76312->76310 76315 7ff6ae5fa135 76313->76315 76314 7ff6ae60169d 76314->76306 76315->76139 76315->76143 76316->76310 76445 7ff6ae602370 44 API calls 4 library calls 76317->76445 76319 7ff6ae74feb5 76320 7ff6ae74fed5 GetCurrentProcess K32GetMappedFileNameW 76319->76320 76323 7ff6ae750125 76319->76323 76321 7ff6ae74ff13 76320->76321 76322 7ff6ae7500f4 GetLastError 76320->76322 76329 7ff6ae74ff22 76321->76329 76535 7ff6ae602370 44 API calls 4 library calls 76321->76535 76324 7ff6ae75d7e0 42 API calls 76322->76324 76326 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76323->76326 76325 7ff6ae750111 76324->76325 76328 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76325->76328 76331 7ff6ae75014f GetLastError 76326->76331 76328->76323 76446 7ff6ae751080 76329->76446 76332 7ff6ae75d7e0 42 API calls 76331->76332 76334 7ff6ae75016c 76332->76334 76333 7ff6ae74fffe 76335 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76333->76335 76336 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76334->76336 76337 7ff6ae75000c 76335->76337 76338 7ff6ae750180 GetLastError 76336->76338 76340 7ff6ae7acd10 DName::DName 8 API calls 76337->76340 76339 7ff6ae75d7e0 42 API calls 76338->76339 76341 7ff6ae75019d 76339->76341 76342 7ff6ae5fa36b 76340->76342 76343 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76341->76343 76370 7ff6ae74e120 45 API calls std::_Throw_Cpp_error 76342->76370 76344 7ff6ae7501b1 76343->76344 76346 7ff6ae5f8c1a 76345->76346 76359 7ff6ae5f8c5a 76345->76359 76896 7ff6ae601710 81 API calls 2 library calls 76346->76896 
76347 7ff6ae5f8d90 LeaveCriticalSection 76350 7ff6ae5f8cc0 76899 7ff6ae5f8640 54 API calls std::_Throw_Cpp_error 76350->76899 76351 7ff6ae5f8c38 76897 7ff6ae601710 81 API calls 2 library calls 76351->76897 76353 7ff6ae5f8cd6 76900 7ff6ae601710 81 API calls 2 library calls 76353->76900 76356 7ff6ae5f8cee 76357 7ff6ae5f82e0 std::_Throw_Cpp_error 45 API calls 76356->76357 76358 7ff6ae5f8cfb 76357->76358 76901 7ff6ae601a40 44 API calls 3 library calls 76358->76901 76359->76347 76898 7ff6ae601a40 44 API calls 3 library calls 76359->76898 76361 7ff6ae5f8d04 76902 7ff6ae5f8640 54 API calls std::_Throw_Cpp_error 76361->76902 76363 7ff6ae5f8d1a 76903 7ff6ae601710 81 API calls 2 library calls 76363->76903 76365 7ff6ae5f8d32 76366 7ff6ae5f82e0 std::_Throw_Cpp_error 45 API calls 76365->76366 76367 7ff6ae5f8d3f 76366->76367 76367->76347 76368->76113 76369->76167 76370->76160 76371->76169 76372->76188 76374 7ff6ae5fdb3c 76373->76374 76376 7ff6ae5fdb92 76373->76376 76375 7ff6ae5fdb61 76374->76375 76377 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76374->76377 76375->76376 76378 7ff6ae7c2130 _invalid_parameter_noinfo_noreturn 40 API calls 76375->76378 76376->76200 76377->76374 76379 7ff6ae5fdbb7 76378->76379 76380->76207 76382 7ff6ae5fd4a4 76381->76382 76383 7ff6ae5fe8e4 76381->76383 76382->76263 76386 7ff6ae5fe820 44 API calls std::_Throw_Cpp_error 76382->76386 76383->76382 76387 7ff6ae607170 44 API calls 2 library calls 76383->76387 76388 7ff6ae602210 44 API calls 4 library calls 76383->76388 76387->76383 76388->76383 76389->76293 76391->76293 76393 7ff6ae75bfa9 76392->76393 76394 7ff6ae75c13f 76392->76394 76395 7ff6ae75bfe0 GetModuleHandleW GetClassInfoExW 76393->76395 76396 7ff6ae7acd10 DName::DName 8 API calls 76394->76396 76398 7ff6ae75c128 76395->76398 76399 7ff6ae75c001 GetLastError Sleep 76395->76399 76397 7ff6ae601613 EnterCriticalSection 76396->76397 76397->76303 76398->76394 76399->76395 76400 7ff6ae75c01b 76399->76400 76401 7ff6ae75c027 GetProcessHeap 76400->76401 
76404 7ff6ae75c193 76400->76404 76402 7ff6ae75c04a 76401->76402 76403 7ff6ae75c042 HeapAlloc 76401->76403 76406 7ff6ae75c1b9 Concurrency::cancel_current_task 76402->76406 76407 7ff6ae75c05c InitializeCriticalSection GetProcessHeap GetProcessHeap RegisterClassExW 76402->76407 76403->76402 76443 7ff6ae7493b0 45 API calls std::_Throw_Cpp_error 76404->76443 76416 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76406->76416 76409 7ff6ae75c0aa 76407->76409 76410 7ff6ae75c123 76407->76410 76408 7ff6ae75c1a8 76413 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76408->76413 76411 7ff6ae75c0e0 DeleteCriticalSection GetProcessHeap 76409->76411 76414 7ff6ae75c0ca HeapFree 76409->76414 76415 7ff6ae75c0d2 76409->76415 76412 7ff6ae75bf70 45 API calls 76410->76412 76417 7ff6ae75c10d 76411->76417 76418 7ff6ae75c105 HeapFree 76411->76418 76412->76398 76413->76406 76414->76415 76415->76411 76419 7ff6ae75c1d5 76416->76419 76420 7ff6ae75c116 GetLastError 76417->76420 76418->76420 76444 7ff6ae7aa870 44 API calls Concurrency::cancel_current_task 76419->76444 76420->76410 76421 7ff6ae75c168 GetLastError 76420->76421 76423 7ff6ae75c175 76421->76423 76442 7ff6ae7493b0 45 API calls std::_Throw_Cpp_error 76423->76442 76426 7ff6ae75c182 76427 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76426->76427 76427->76404 76429 7ff6ae75bf70 61 API calls 76428->76429 76436 7ff6ae602be9 76429->76436 76430 7ff6ae75bf70 61 API calls 76431 7ff6ae602c66 76430->76431 76432 7ff6ae602c6b 76431->76432 76437 7ff6ae602c7f Concurrency::cancel_current_task 76431->76437 76433 7ff6ae75bf70 61 API calls 76432->76433 76435 7ff6ae602c70 76433->76435 76434 7ff6ae602cb6 76434->76305 76435->76305 76436->76430 76437->76434 76438 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76437->76438 76439 7ff6ae602ce0 76438->76439 76440->76309 76441->76314 76442->76426 76443->76408 76445->76319 76447 7ff6ae75154e 76446->76447 76448 7ff6ae7510cf 76446->76448 76452 7ff6ae7af810 
Concurrency::cancel_current_task 2 API calls 76447->76452 76449 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76448->76449 76450 7ff6ae751104 76449->76450 76451 7ff6ae75114d 76450->76451 76454 7ff6ae7acdf0 3 API calls 76450->76454 76536 7ff6ae7515b0 100 API calls 76451->76536 76455 7ff6ae75156f 76452->76455 76461 7ff6ae75112c 76454->76461 76457 7ff6ae751598 FindVolumeClose 76455->76457 76458 7ff6ae75159e 76455->76458 76456 7ff6ae751176 76459 7ff6ae75117a 76456->76459 76460 7ff6ae7511f7 76456->76460 76457->76458 76458->76333 76623 7ff6ae691a70 44 API calls DName::DName 76459->76623 76463 7ff6ae5fdf10 44 API calls 76460->76463 76461->76451 76621 7ff6ae7aad50 52 API calls 76461->76621 76466 7ff6ae751211 76463->76466 76465 7ff6ae7511cd 76468 7ff6ae5fc6b0 44 API calls 76465->76468 76469 7ff6ae751248 76466->76469 76471 7ff6ae7acdf0 3 API calls 76466->76471 76467 7ff6ae75113a 76622 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 76467->76622 76472 7ff6ae7511d8 76468->76472 76537 7ff6ae7515b0 100 API calls 76469->76537 76474 7ff6ae751227 76471->76474 76475 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76472->76475 76474->76469 76624 7ff6ae7aad50 52 API calls 76474->76624 76477 7ff6ae7511e6 76475->76477 76476 7ff6ae751271 76478 7ff6ae7512f2 76476->76478 76479 7ff6ae751275 76476->76479 76482 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76477->76482 76481 7ff6ae5fdf10 44 API calls 76478->76481 76626 7ff6ae691a70 44 API calls DName::DName 76479->76626 76485 7ff6ae75130c 76481->76485 76486 7ff6ae7511ef 76482->76486 76484 7ff6ae751235 76625 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 76484->76625 76489 7ff6ae751343 76485->76489 76491 7ff6ae7acdf0 3 API calls 76485->76491 76492 7ff6ae7acd10 DName::DName 8 API calls 76486->76492 76487 7ff6ae7512c8 76490 7ff6ae5fc6b0 44 API calls 76487->76490 76538 7ff6ae7515b0 100 API calls 76489->76538 76494 7ff6ae7512d3 76490->76494 76495 7ff6ae751322 
76491->76495 76496 7ff6ae75153a 76492->76496 76498 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76494->76498 76495->76489 76627 7ff6ae7aad50 52 API calls 76495->76627 76496->76333 76497 7ff6ae75136c 76499 7ff6ae751374 76497->76499 76508 7ff6ae751469 76497->76508 76500 7ff6ae7512e1 76498->76500 76539 7ff6ae7501c0 SHGetFolderPathW 76499->76539 76502 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76500->76502 76502->76486 76505 7ff6ae7514eb 76510 7ff6ae5fc6b0 44 API calls 76505->76510 76506 7ff6ae751330 76628 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 76506->76628 76507 7ff6ae5fe0f0 44 API calls 76508->76505 76514 7ff6ae7514a4 76508->76514 76512 7ff6ae7514f8 76510->76512 76630 7ff6ae750a50 62 API calls 5 library calls 76512->76630 76517 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76514->76517 76521 7ff6ae7514dd 76517->76521 76518 7ff6ae751505 76631 7ff6ae750df0 48 API calls 3 library calls 76518->76631 76524 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76521->76524 76522 7ff6ae751510 76524->76486 76535->76329 76536->76456 76537->76476 76538->76497 76540 7ff6ae750226 76539->76540 76541 7ff6ae75025e 76539->76541 76542 7ff6ae750238 GetWindowsDirectoryW 76540->76542 76543 7ff6ae750263 76540->76543 76554 7ff6ae5f83a0 std::_Throw_Cpp_error 45 API calls 76541->76554 76544 7ff6ae7506e7 GetLastError 76542->76544 76545 7ff6ae750253 76542->76545 76546 7ff6ae750268 GetSystemDirectoryW 76543->76546 76547 7ff6ae750293 76543->76547 76704 7ff6ae750990 45 API calls std::_Throw_Cpp_error 76544->76704 76545->76541 76549 7ff6ae75072c 76545->76549 76550 7ff6ae750776 GetLastError 76546->76550 76551 7ff6ae750283 76546->76551 76552 7ff6ae750298 76547->76552 76553 7ff6ae7502a5 76547->76553 76705 7ff6ae750990 45 API calls std::_Throw_Cpp_error 76549->76705 76706 7ff6ae750990 45 API calls std::_Throw_Cpp_error 76550->76706 76551->76541 76557 7ff6ae7507c1 76551->76557 76632 7ff6ae7508b0 58 API calls DName::DName 76552->76632 76560 
7ff6ae7502aa 76553->76560 76561 7ff6ae7502b7 76553->76561 76618 7ff6ae7502a0 76554->76618 76555 7ff6ae75071b 76566 7ff6ae7af810 Concurrency::cancel_current_task 2 API calls 76555->76566 76707 7ff6ae750990 45 API calls std::_Throw_Cpp_error 76557->76707 76633 7ff6ae750920 58 API calls DName::DName 76560->76633 76564 7ff6ae7503a5 76561->76564 76565 7ff6ae7502c0 76561->76565 76566->76549 76567 7ff6ae750761 76568 7ff6ae7507ad 76570 7ff6ae7acd10 DName::DName 8 API calls 76577 7ff6ae750520 76570->76577 76577->76507 76618->76570 76621->76467 76623->76465 76624->76484 76626->76487 76627->76506 76630->76518 76631->76522 76632->76618 76633->76618 76704->76555 76705->76567 76706->76568 76896->76351 76897->76359 76898->76350 76899->76353 76900->76356 76901->76361 76902->76363 76903->76365 76904 7ff6ae61c58f 76905 7ff6ae61c5aa shared_ptr 76904->76905 76961 7ff6ae620550 76905->76961 76910 7ff6ae61c72b 76913 7ff6ae61c747 76910->76913 76914 7ff6ae61cda3 76910->76914 76918 7ff6ae61c753 _Yarn 76910->76918 76911 7ff6ae61cd9e 77076 7ff6ae7aa850 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 76911->77076 76915 7ff6ae6020f0 std::_Throw_Cpp_error 44 API calls 76913->76915 77077 7ff6ae5f37d0 44 API calls 3 library calls 76914->77077 76915->76918 76976 7ff6ae621240 76918->76976 76919 7ff6ae61cda9 76920 7ff6ae61c9a2 76985 7ff6ae61cdb0 76920->76985 76922 7ff6ae61c7fb 76923 7ff6ae621240 45 API calls 76922->76923 76925 7ff6ae61c88c 76922->76925 76927 7ff6ae5fc6b0 44 API calls 76922->76927 77067 7ff6ae621b20 44 API calls 2 library calls 76922->77067 76923->76922 76924 7ff6ae61c9af 76928 7ff6ae5fde60 std::_Throw_Cpp_error 44 API calls 76924->76928 76925->76920 76929 7ff6ae7acdf0 3 API calls 76925->76929 77068 7ff6ae7aad50 52 API calls 76925->77068 77069 7ff6ae7acd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 76925->77069 77070 7ff6ae600cd0 100 API calls 76925->77070 76927->76922 76930 7ff6ae61c9bd 76928->76930 76929->76925 76932 7ff6ae5fdb20 44 

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Thread$ConditionCurrentMaskOpen$CountInfoMessagePeekPriorityProcessTickTimesToken$ClassControlDeviceErrorHandleImpersonateLastModuleObjectSelfSingleSystemVerifyVersionWait
                                                                                                                                                                                                                                                                      • String ID: 0398$Detected a hang in GUI thread through IsHungAppWindow+SendMessageCallback. Attempting to dump process...$FA7D$H$Process monitoring installed.$SeDebugPrivilege$h$suspected GUI thread hang$verifier.dll
                                                                                                                                                                                                                                                                      • API String ID: 2528360860-2006111672
                                                                                                                                                                                                                                                                      • Opcode ID: 57aa9f0f3ac8d70a45fc4b873c5f4f85d1edd01e82185273445563720d672a71
                                                                                                                                                                                                                                                                      • Instruction ID: 502f408df5e5f5017b05d6236f20ce7b6a3f637e8c83e2fcc31f5f8c7f8c9cba
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57aa9f0f3ac8d70a45fc4b873c5f4f85d1edd01e82185273445563720d672a71
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67D17532A1ABC286E761DF16E4507EAB3A0FBA8740F016575EA8D83B54DF3CE545DB00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __std_exception_destroy$BindingString$ComposeConcurrency::cancel_current_taskFreeFrom
                                                                                                                                                                                                                                                                      • String ID: $"$1412$AvDumper$CA55$CrashGuardProcessWatcherExclusions$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avdef://config/Common/DumpFirstChance$avdef://config/Common/FullDumpFraction$ncalrpc$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                      • API String ID: 2873485521-3410722514
                                                                                                                                                                                                                                                                      • Opcode ID: 5c071005d9228f5359c14af396b95fcebd858f6350146f2184d3c232a9e45185
                                                                                                                                                                                                                                                                      • Instruction ID: 386ee4adced6f4655330c9b192a2a492f6dcf24f25a1e4207990cb129e788cf8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c071005d9228f5359c14af396b95fcebd858f6350146f2184d3c232a9e45185
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF42303291ABC581E631EB15E4903EE73A0FBE5740F405635EA8D93AA6EF3CD584DB40
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetClientRect.USER32 ref: 00007FFBAA686FAF
                                                                                                                                                                                                                                                                      • BeginPaint.USER32 ref: 00007FFBAA68701C
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA705540: CreateDIBSection.GDI32(00000000,00000000,?,?,?,00007FFBAA6BF4CC), ref: 00007FFBAA7055AE
                                                                                                                                                                                                                                                                      • SetWindowOrgEx.GDI32 ref: 00007FFBAA6871D3
                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32 ref: 00007FFBAA68723A
                                                                                                                                                                                                                                                                      • SelectObject.GDI32 ref: 00007FFBAA68724D
                                                                                                                                                                                                                                                                      • BitBlt.GDI32 ref: 00007FFBAA687292
                                                                                                                                                                                                                                                                      • SelectObject.GDI32 ref: 00007FFBAA68729E
                                                                                                                                                                                                                                                                      • DeleteDC.GDI32 ref: 00007FFBAA6872A7
                                                                                                                                                                                                                                                                      • EndPaint.USER32 ref: 00007FFBAA6872B4
                                                                                                                                                                                                                                                                      • GetWindowLongA.USER32 ref: 00007FFBAA687331
                                                                                                                                                                                                                                                                      • BeginPaint.USER32 ref: 00007FFBAA68736C
                                                                                                                                                                                                                                                                      • EndPaint.USER32 ref: 00007FFBAA687379
                                                                                                                                                                                                                                                                      • GetWindowLongA.USER32 ref: 00007FFBAA687394
                                                                                                                                                                                                                                                                      • EndPaint.USER32 ref: 00007FFBAA687509
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: GetParent.USER32 ref: 00007FFBAA686CAD
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: IsWindow.USER32 ref: 00007FFBAA686CB9
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: MapWindowPoints.USER32 ref: 00007FFBAA686CE9
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: GetClipBox.GDI32 ref: 00007FFBAA686CF7
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: SaveDC.GDI32 ref: 00007FFBAA686D00
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: GetWindowLongA.USER32 ref: 00007FFBAA686D10
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: GetWindowRect.USER32 ref: 00007FFBAA686D24
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: SetViewportOrgEx.GDI32 ref: 00007FFBAA686D4F
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: SetLayout.GDI32 ref: 00007FFBAA686D5D
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: SendMessageA.USER32 ref: 00007FFBAA686D97
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: SendMessageA.USER32 ref: 00007FFBAA686DB1
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA686C80: RestoreDC.GDI32 ref: 00007FFBAA686DBC
                                                                                                                                                                                                                                                                      • BeginPaint.USER32 ref: 00007FFBAA6873AB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: GetDC.USER32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700E64
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700EA0
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700EAE
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700EBB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700ECA
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700ED7
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700EE6
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700EF3
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FFBAA700E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFBAA7038E6,?,?,?,?,?,?,00000000,?,?,00007FFBAA6BF59E), ref: 00007FFBAA700F06
                                                                                                                                                                                                                                                                      • BeginPaint.USER32 ref: 00007FFBAA6876D8
                                                                                                                                                                                                                                                                      • EndPaint.USER32 ref: 00007FFBAA6876E5
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FFBAA6885A8
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ObjectPaint$Window$Select$Begin$LongStock$CreateMessageRectSectionSend$AlignClientClipCompatibleCriticalDeleteLayoutLeaveModeParentPointsRestoreSaveTextViewport
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 401802432-3916222277
                                                                                                                                                                                                                                                                      • Opcode ID: 1ef6399ee1d82361f8872b1d714f466a9eba0f46ad5f92f77dac1e99eedbbe82
                                                                                                                                                                                                                                                                      • Instruction ID: 75af899d7d745ed6b850c3a7d292978fcd098109b191602451a917a1ebad10bf
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ef6399ee1d82361f8872b1d714f466a9eba0f46ad5f92f77dac1e99eedbbe82
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB225D72A15BC1CADB21CF34DC802E973A8FB88B58F405166DA4D5BB68DF38D646C710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE758966
                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE758BC4
                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE758CFE
                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE758E70
                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE75936C
                                                                                                                                                                                                                                                                      • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE7595E7
                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE759D6F
                                                                                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32 ref: 00007FF6AE75A27B
                                                                                                                                                                                                                                                                      • CryptGenRandom.ADVAPI32 ref: 00007FF6AE75A2A3
                                                                                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32 ref: 00007FF6AE75A51F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                                                                                                                      • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                                                                                                                      • API String ID: 1216455848-3036034798
                                                                                                                                                                                                                                                                      • Opcode ID: 9621706e66f1e1417c7637f2aadf42ab6eae26e5dd89606bbdbe4c20f1c72faa
                                                                                                                                                                                                                                                                      • Instruction ID: d3ad5ea0eec3544f8fb3f9b86a7941e1095a7928956b01d00b9bb9de3b039000
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9621706e66f1e1417c7637f2aadf42ab6eae26e5dd89606bbdbe4c20f1c72faa
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E1339B3A186828BDB549F29E4502BA77B0F7A6744F54013AF389C7689EF2DD905CF10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE742980: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AE74F614), ref: 00007FF6AE7429CB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE742980: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AE74F614), ref: 00007FF6AE7429DB
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE742980: GetCurrentProcess.KERNEL32 ref: 00007FF6AE742A18
                                                                                                                                                                                                                                                                      • InitializeProcThreadAttributeList.KERNEL32 ref: 00007FF6AE61B6D1
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Proc$AddressAttributeCurrentHandleInitializeListModuleProcessThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 295482040-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                      • Instruction ID: 7bafbeb3238c6b91dd4c6b5dd4f9a6cf6c10411865d8cde5d262d3e24a36f1f9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45A16D32A15B8196E708DF72D9803AD73B4FB58784F509629EB9C63A65DF38E1B1D300
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 00007FF6AE75A752
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7ACDF0: AcquireSRWLockExclusive.KERNEL32(?,?,000001DDCA86C210,00007FF6AE5F8681), ref: 00007FF6AE7ACE00
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE758920: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6AE75A793), ref: 00007FF6AE758966
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7ACD80: AcquireSRWLockExclusive.KERNEL32(?,?,000001DDCA86C210,00007FF6AE5F86BC), ref: 00007FF6AE7ACD90
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7ACD80: ReleaseSRWLockExclusive.KERNEL32(?,?,000001DDCA86C210,00007FF6AE5F86BC), ref: 00007FF6AE7ACDD0
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF6AE75ACAF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 516957425-0
                                                                                                                                                                                                                                                                      • Opcode ID: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                      • Instruction ID: 3141a2e0948d7274f82830b7bb55150d900fed9271694a8e6a5e4f06b9b451bc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42029F72A1D6828BE708DB6DE85017ABBA0FBB5350F440139F689C77A6DFACD505CB10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$Token$CloseCurrentHandleOpenProcessThread$AllocateCheckDuplicateInitializeMembership
                                                                                                                                                                                                                                                                      • String ID: AllocateAndInitializeSid$Unable to check token membership!$Unable to duplicate the access token!$Unable to open current thread token!$Unable to open default process token!
                                                                                                                                                                                                                                                                      • API String ID: 3930079379-3273639489
                                                                                                                                                                                                                                                                      • Opcode ID: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                      • Instruction ID: 575c948de799286685002635f6e9933f8a4e00353f13e0712e929bb57c4d7e47
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C91B032E0AB4796EB10EB66E8542ED7370FBA4744F404536EA4D93A65DF3CE548C700
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressProc$CreateCriticalDirectoryEntryErrorFunctionHandleInitializeLastLibraryLoadLookupModuleSectionSystemUuid
                                                                                                                                                                                                                                                                      • String ID: 1412$6$:$CA55$MiniDumpWriteDump$MiniDumpWriteDump initialization failed, error code {}$RaiseException$dbghelp.dll$kernelbase.dll
                                                                                                                                                                                                                                                                      • API String ID: 565440651-92576876
                                                                                                                                                                                                                                                                      • Opcode ID: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                      • Instruction ID: f871e61cbfe8886b7c82b6c9504e6c18fb33b551205bff142ceccd8ee1cb0496
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CA19D32E19B8596E705DB76E9403AC7360FBA4744F00A635EB9D93A61EF3CE5A4C700
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FilePathRemoveSpec__std_exception_destroy
                                                                                                                                                                                                                                                                      • String ID: "$1412$?$CA55$CrashGuard initialized successfully, external debugger attached$CrashGuard initialized successfully, only internal dumping available$CrashGuardProcessWatcherExclusions$D$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avcfg://settings/CrashGuard/FullDumpFraction$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                      • API String ID: 962821443-372037041
                                                                                                                                                                                                                                                                      • Opcode ID: 68532771c768199267e1691565e5c7c8083118bb7397fc08760958f37ff46e31
                                                                                                                                                                                                                                                                      • Instruction ID: 1f9622b77bdd947522b5e5b45b4d0cc462742d9fe629f8475878c8992d7e16f2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68532771c768199267e1691565e5c7c8083118bb7397fc08760958f37ff46e31
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CD1903291EBC685EA61EF16E4403EE7360FBA5740F406532EA8D936A9DF3CD585DB00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastThread$CurrentOpenToken$ImpersonateSelf
                                                                                                                                                                                                                                                                      • String ID: Unable to assign the process impersonation token to the thread!$Unable to obtain the thread access token!
                                                                                                                                                                                                                                                                      • API String ID: 98968010-1627354483
                                                                                                                                                                                                                                                                      • Opcode ID: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                      • Instruction ID: 5a5d1d21b82832051748a11fbb45913a204de3dd1259c535baaa920f5183dcdc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE219F21A1AA4396EB10BB66E8583BA6360FF64744F804171FA5DC32A5EF3CE64DC750
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileModule$AttributesErrorHandleLastName
                                                                                                                                                                                                                                                                      • String ID: 1412$CA55$G$Install failed: cannot get filename of current process due to error: {}$u
                                                                                                                                                                                                                                                                      • API String ID: 816269828-125834478
                                                                                                                                                                                                                                                                      • Opcode ID: 0bc7cb114cc72ae993ba7c1dc3cb8bd04e3a852d481cf5bab0577f8c96ac4bb9
                                                                                                                                                                                                                                                                      • Instruction ID: 770a9f5f5bad199bfc4d3eff2802c0f768b8039bee85104e436b4d6f7112f00b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bc7cb114cc72ae993ba7c1dc3cb8bd04e3a852d481cf5bab0577f8c96ac4bb9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1317272909BC286E721EF66F4503AEB3A0FB91744F401536E69C83699DF3CE485DB40
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CtrlMessageSend$ParentWindow$Rect
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3091584759-0
                                                                                                                                                                                                                                                                      • Opcode ID: 9dfa57896e832b692b70578ae15d720cb1c0af0b74d2eddd8eb269646be358f6
                                                                                                                                                                                                                                                                      • Instruction ID: 8427b08d10dbe44a52353e2bd04f4df63a348469b6be2f8a68bd466de32191dc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dfa57896e832b692b70578ae15d720cb1c0af0b74d2eddd8eb269646be358f6
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34917BB2A0AA81C6EB158F35E8902AD73A8FB4DF94F004076CE4E57764CF3CE5568760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RectVisible.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701D80
                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DB4
                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DC1
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DCA
                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DD5
                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DE2
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DEB
                                                                                                                                                                                                                                                                      • SaveDC.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701DF5
                                                                                                                                                                                                                                                                      • IntersectClipRect.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFBAA703920), ref: 00007FFBAA701E39
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Object$DeleteRectSelectStock$ClipIntersectSaveVisible
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1353815414-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4397cd986a8753699676aedc5ef3d4b893058a32d08c8423cf1aa7fc0bd12b46
                                                                                                                                                                                                                                                                      • Instruction ID: 162d10e3aaa6a704da401f076e58286f6dfe44e7383fc07a3fd8c709d3420798
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4397cd986a8753699676aedc5ef3d4b893058a32d08c8423cf1aa7fc0bd12b46
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71311D76A09A81DBDB41DF25E59452AB3A4FB88B94F404026EF8E83718DF3CE4528B10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF6AE7D49A8,?,?,?,?,00007FF6AE7D02DD,?,?,?,?,00007FF6AE7AA5C4), ref: 00007FF6AE7D41EF
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF6AE7D49A8,?,?,?,?,00007FF6AE7D02DD,?,?,?,?,00007FF6AE7AA5C4), ref: 00007FF6AE7D41FB
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                      • Instruction ID: 07a3b03c509c9ce62cad4283e0e0ee4943d59b1286b7ce50ff42657fe200316d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B441E226B0AA1281EA12EB17EC5417563D6BF65BE0F084235ED1DC7784EE3EE446C740
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                      • String ID: 1412$CA55$Process dumper doesn't exist in path '$kT
                                                                                                                                                                                                                                                                      • API String ID: 3188754299-3328827871
                                                                                                                                                                                                                                                                      • Opcode ID: 9e49c0bb97abce77a4f8995457144b49f1f47d4f3dbbe7514e02eeac80b94cbe
                                                                                                                                                                                                                                                                      • Instruction ID: cfb10a83b137097063425e8775a6dc3f5bc1699ef4563ea1086f4c2c9121696b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e49c0bb97abce77a4f8995457144b49f1f47d4f3dbbe7514e02eeac80b94cbe
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB31B121A2E54281EA11FF17E5501BA6360FFA1791F402A35FA5D876D9DF2DE4059B00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                      • Opcode ID: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                      • Instruction ID: 6ef2dcd38e09561576048b3ed7a9588d7e253eef1bb076960c9cbb9988bc498b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0214F26B0A75282EE54AB67F415179A2A8AFE4B80F044575FE4DC3B95EF3CF840C750
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7576C0: RegOpenKeyExW.ADVAPI32 ref: 00007FF6AE75778E
                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32 ref: 00007FF6AE7548D1
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7543A0: __std_exception_copy.LIBVCRUNTIME ref: 00007FF6AE7544E6
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF6AE754909
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32 ref: 00007FF6AE754915
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7AF810: RtlPcToFileHeader.NTDLL(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF6AE7AA8D6), ref: 00007FF6AE7AF860
                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6AE7AF810: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF6AE7AA8D6), ref: 00007FF6AE7AF8A1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseErrorExceptionFileHeaderLastOpenQueryRaiseValue__std_exception_copy
                                                                                                                                                                                                                                                                      • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                      • API String ID: 2471027143-1100310711
                                                                                                                                                                                                                                                                      • Opcode ID: 787f247438136ea345512c5dd3c2bb352683b47488344db3cccee6f2211c5fed
                                                                                                                                                                                                                                                                      • Instruction ID: bcf6b78c3cf42a41fae6879802612a7e430289b6264e49a680a5fbc903d296e3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 787f247438136ea345512c5dd3c2bb352683b47488344db3cccee6f2211c5fed
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5316C32B49A8189EB10EF66E4512EC73B4FB68748F445435FA8E83A59EF38E254C350
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Timer$ClickCriticalDoubleLeaveSectionTime
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2419403106-0
                                                                                                                                                                                                                                                                      • Opcode ID: ca7ff4eb6e09aa509fc08cc7a984e7a6040556234b966d2e0ffc08b8e3a1683f
                                                                                                                                                                                                                                                                      • Instruction ID: c01c11b9fdb8ba737c3de768bf6f5b0ea2ceece5d9e0810621aae4c20afe8e37
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca7ff4eb6e09aa509fc08cc7a984e7a6040556234b966d2e0ffc08b8e3a1683f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4316D7670668186EB9ACF35E9546B8A7A8FB88B94F045172CF1D43760DF38E462CB10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterKillLeaveTimer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 610966039-0
                                                                                                                                                                                                                                                                      • Opcode ID: 539da9b9316b922e6e21dc1f72e359e297ca7eb0a7c8d5dc39b8b531bea70243
                                                                                                                                                                                                                                                                      • Instruction ID: c417174e98a322054bc1568c1a5f9110da097ecc588453f1c008307b641dd416
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 539da9b9316b922e6e21dc1f72e359e297ca7eb0a7c8d5dc39b8b531bea70243
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43216DA6A09A45C1EA119F25E884679A3A8FB4EFD9F0451B1DD4E47360CF3CD8578710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlPcToFileHeader.NTDLL(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF6AE7AA8D6), ref: 00007FF6AE7AF860
                                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF6AE7AA8D6), ref: 00007FF6AE7AF8A1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                      • Instruction ID: da3e8247e21e52166258823a810851a3fed1250cb2018c171395ee9eed3107b4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35112B3261AB4182EB259B16F440269B7E5FB98B84F584231EFCD87B68DF3CD551CB00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Focus$ForegroundWindow
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 332191172-0
                                                                                                                                                                                                                                                                      • Opcode ID: babc22d35e2296561feab44a13a7fc11baa967449719b41320e9c18150e58208
                                                                                                                                                                                                                                                                      • Instruction ID: 27abb1d12e9346bc6e0b17653d5f22eb92fcac0c46519674be15e70d62633319
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: babc22d35e2296561feab44a13a7fc11baa967449719b41320e9c18150e58208
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B2258B6B0AB45C6EB12CF66E4546AE63B8FB48B98F054472CE4D47764DF38D44AC320
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 951747058-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 951747058-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalEnterSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1904992153-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CtrlMessageParentSend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1176577205-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Times$CountProcessSystemTick
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1969624557-0
                                                                                                                                                                                                                                                                      • Opcode ID: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                      • Instruction ID: 38e398330190b4179e7e75de0779e0d013c7f362b535b5b9568988a4a2106a15
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7121FB32919F8682DB509F29E44016EB3B4FB98B88F505126EB8D83729EF38E594C740
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ClientCursorFromPointScreenWindow
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3548534679-0
                                                                                                                                                                                                                                                                      • Opcode ID: 0df2ca66a77a67eff6004b281091b7cb32444f7e6fae7b2cac9491fca2edc585
                                                                                                                                                                                                                                                                      • Instruction ID: b444994ef02d742aa342e4e7c4b61e215845097f7c3e0760d3cc3fca66fbce42
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0df2ca66a77a67eff6004b281091b7cb32444f7e6fae7b2cac9491fca2edc585
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE1129B6A09B41C2DB42CF26E58456E63A4FB88BC4F045072EE4D8B718DF2CD4568B10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1a6a625c635c064b87a707738c5bf3c42742581eb1f23db75f5a0ccd18f37ba8
                                                                                                                                                                                                                                                                      • Instruction ID: b8d75281674f8f2e72896a14bb3b1abdf4027308c6a971e9dcc88de55a12def4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a6a625c635c064b87a707738c5bf3c42742581eb1f23db75f5a0ccd18f37ba8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81213DB6706B56C1EB168F2AE844A68B7A8FB89F94F055072CE0D47370EF3CD8468710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3225651421.00007FF6AE5F1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AE5F0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000008.00000002.3226172062.00007FF6AE98F000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff6ae5f0000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                                                      • String ID: Cannot open registry key
                                                                                                                                                                                                                                                                      • API String ID: 71445658-2132507311
                                                                                                                                                                                                                                                                      • Opcode ID: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                      • Instruction ID: bb31be79dd1712f8e2f6cc5e4401d86b609a3d6f41fba78f12aaf4bf46d19fe5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B617B33B097818AE7209F2AE9446ADB7A4FB58788F545425EF8D97B09DF38E191C700
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: UpdateWindow
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2116364557-0
                                                                                                                                                                                                                                                                      • Opcode ID: 8792a9398a5c70e99f2ce61b68db96d16d090379dc9f398749ca7728ec2d28f3
                                                                                                                                                                                                                                                                      • Instruction ID: bcf28b970acc47cd73725890c1a1cf6aed4e44bb64282c52262428f64b632eb1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8792a9398a5c70e99f2ce61b68db96d16d090379dc9f398749ca7728ec2d28f3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C21607670AA46C6EA158B2AE49427DB7A4FB89F94F044279DE5D43764CF2CE0028B10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 308616df00a90933d13545723838428ce84beef1b2d32e312c8a36e477f94bcd
                                                                                                                                                                                                                                                                      • Instruction ID: 6e66ce9a09e8faa021c6338b1eff3f822d8c2c9f5c26ad7b81c837371ad291c5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 308616df00a90933d13545723838428ce84beef1b2d32e312c8a36e477f94bcd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 685164B6A0AA45C2EA56DB2AEC4413963B8FF88FE0F055171DE5E437A4DF2CE446C710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                      • Opcode ID: cd69026042e174328557287e0688da0010430cd6fc5da25317d5e8b41331ed32
                                                                                                                                                                                                                                                                      • Instruction ID: dca2f1a6bda531391e245bb1af80e7733b1460320ab92bda3d019d14b910bff1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd69026042e174328557287e0688da0010430cd6fc5da25317d5e8b41331ed32
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9319272B19281C6EB65CB39E94027AA3E8FB49BC0F044075DE5D83B64DF2CE4528F10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                      • Opcode ID: 309fad0162d0ed1fe6affee8bd2fc322923b7dc08974d4d934bab18ae7c7cb82
                                                                                                                                                                                                                                                                      • Instruction ID: 23f297c23627d70fade5da4cc27d5c8c03558e7e876bd9ac2618810e610fae09
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 309fad0162d0ed1fe6affee8bd2fc322923b7dc08974d4d934bab18ae7c7cb82
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 673112B6606B46C1EE16DB2AE954269A7B8FB88FD0F454072CE1D433A0DF3CD8468710
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                      • Opcode ID: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                      • Instruction ID: facad7fb2487c8a1491da7d219e097618fe9ca46de971421e625de67490c3d68
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DF06262B19741C2DF55DB2AF94446EA7A4EB8DBD0F581071EE4D03B18EE3CD4918B10
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Timer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2870079774-0
                                                                                                                                                                                                                                                                      • Opcode ID: 704257faab155b8ffa78ab25f67463c409a334e6a7269c2a0184773ee25d0065
                                                                                                                                                                                                                                                                      • Instruction ID: ccd62e00e3c6a85992b5b205f67b2bad7fb9fe73b2ae4228a382ef04a8dd62ae
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 704257faab155b8ffa78ab25f67463c409a334e6a7269c2a0184773ee25d0065
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A4150A6606B46C2EE16DF26E45017AA3A4FF88F90F084076CE5E477A5DF3CD4528760
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 24e1cc0ced93dc8532e351f1704293ce71c0d2cb446e57a1d0dd579aeb9f16b4
                                                                                                                                                                                                                                                                      • Instruction ID: 40708a6aa6c616f086af2b6c46574ad2c86e80d963500569afc88ee3d1b2ae3e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24e1cc0ced93dc8532e351f1704293ce71c0d2cb446e57a1d0dd579aeb9f16b4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4D06C90E9B616E0F9AB26B1C8911B9018D0FB5BB0E1807B09C3D952D6AD1CA4978171
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FFBAA9561C1,?,?,00000000,00007FFBAA94575F,?,?,?,00007FFBAA94A88F,?,?,?,00007FFBAA94A785), ref: 00007FFBAA94BE12
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                      • Opcode ID: 9c345e38f2cfe88544f0fe2ae6d5bc5932e43e176e40cd112e1d4dc4f4f9c25e
                                                                                                                                                                                                                                                                      • Instruction ID: 49880371193c3654dcdc87aa939c66fae32cda157b26fcfc8a7da8dc98ae4419
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c345e38f2cfe88544f0fe2ae6d5bc5932e43e176e40cd112e1d4dc4f4f9c25e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9F0FEE4B0F606C6FA566A72D84127A21DD5F897B0F5846B0DF2EC66C1EE1CE45342B0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                      • Opcode ID: 60397c6184e81fac384fd1c756b195f528fbdf3da1c9bd47ccee93472cc6e775
                                                                                                                                                                                                                                                                      • Instruction ID: 444d984f2e52d39b3e9e8af93b5baf080acc849a82fd333a4ccbb2444776e6f3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60397c6184e81fac384fd1c756b195f528fbdf3da1c9bd47ccee93472cc6e775
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31E06DA6209695C2D6018B16F04416ABB69F785FD8F841026FF8E47B89CF3DD08ACB00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                      • Opcode ID: 644d852335a7172b4dc46b6be2baeba7e7fa1b76febec440c9824cbf27fc1192
                                                                                                                                                                                                                                                                      • Instruction ID: f8362a460d8b2a5085a0980c69af9179536c1268cf07db8241186de0b55bb44e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 644d852335a7172b4dc46b6be2baeba7e7fa1b76febec440c9824cbf27fc1192
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3E06DA6209695C2D6028B16F44416ABB69F785FD8F841026FF8E47B89CF3CD189CB00
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3228186490.00007FFBAA681000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFBAA680000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ffbaa680000_instup.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%