Windows Analysis Report
VisualStudioSetup.exe

Overview

General Information

Sample name: VisualStudioSetup.exe
Analysis ID: 1446645
MD5: e81c3dce4ebe9d90c39a0dc4a7782dcf
SHA1: d55e946462aaecb5371db48a3d21bcba8dcaaeb1
SHA256: 84af88add861a83a58867c92ba1445016c98879400450b1e7f39a815b6ae43b2

Detection

PureCrypter
Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Detected PureCrypter Trojan
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Writes or reads registry keys via WMI
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • VisualStudioSetup.exe (PID: 4148 cmdline: "C:\Users\user\Desktop\VisualStudioSetup.exe" MD5: E81C3DCE4EBE9D90C39A0DC4A7782DCF)
    • vs_setup_bootstrapper.exe (PID: 3160 cmdline: "C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop" MD5: 4108506D8CDC3A03BB7E4496025EE902)
      • getmac.exe (PID: 4724 cmdline: "getmac" MD5: 31874C37626D02373768F72A64E76214)
        • conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 6392 cmdline: C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding MD5: 64ACA4F48771A5BA50CD50F2410632AD)
  • cleanup
Name: PureCrypter
Description: According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. The malware has been observed distributing a variety of remote access trojans and information stealers. The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products. PureCrypter features provide persistence, injection and defense mechanisms that are configurable in Google's Protocol Buffer message format.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter
No configs have been found
Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security

Source: 2.2.vs_setup_bootstrapper.exe.53f0000.2.unpack
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security
      No Sigma rule has matched
      No Snort rule has matched

      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0090B697 CryptAcquireContextW,GetLastError,CryptGenRandom,GetLastError,CryptReleaseContext,0_2_0090B697
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0090B7E1 LoadLibraryW,GetLastError,GetProcAddress,GetLastError,DecryptFileW,GetLastError,0_2_0090B7E1
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0090C1A3 BCryptOpenAlgorithmProvider,BCryptCreateHash,ReadFile,BCryptHashData,BCryptFinishHash,GetProcessHeap,HeapFree,GetLastError,BCryptDestroyHash,BCryptCloseAlgorithmProvider,0_2_0090C1A3
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_6C6D31E0 CryptQueryObject,__CxxThrowException@8,CryptMsgGetParam,CryptMsgGetParam,lstrcmpA,CryptMsgOpenToDecode,CryptMsgUpdate,__CxxThrowException@8,__CxxThrowException@8,CryptMsgGetParam,CryptMsgGetParam,__CxxThrowException@8,CertNameToStrW,CertNameToStrW,__CxxThrowException@8,lstrcmpA,CryptDecodeObject,CryptDecodeObject,__CxxThrowException@8,2_2_6C6D31E0
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_6C6D43F0 CryptMsgClose,2_2_6C6D43F0
      Source: VisualStudioSetup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\dd_VisualStudioSetup_decompression_log.txt
      Source: VisualStudioSetup.exe Static PE information: certificate valid
      Source: VisualStudioSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0090CAD9 FindFirstFileW,GetLastError,FindNextFileW,CloseHandle,FindClose,0_2_0090CAD9
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0090EB72 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,GetLastError,0_2_0090EB72
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_0092A58A FindFirstFileExW,0_2_0092A58A
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_6C6DA1EA FindFirstFileExW,2_2_6C6DA1EA
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user\AppData\Local\Temp
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user\AppData
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File opened: C:\Users\user\AppData\Local

      Networking

      Source: Yara match File source: 2.2.vs_setup_bootstrapper.exe.53f0000.2.unpack, type: UNPACKEDPE
      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll, type: DROPPED
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicyOhttp://schemas.xmlsoap.org/wsdl/soap12/)===
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: http://standards.iso.org/iso/19770/-2/2009/schema.xsd
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://targetednotifications-tm.trafficmanager.net
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://targetednotifications-tm.trafficmanager.netd
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.comd
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: http://www.tagvault.org/tv_extensions.xsd
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://aka.ms
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000000.2039840885.00000000005F2000.00000002.00000001.01000000.00000005.sdmp, vs_setup_bootstrapper.exe.0.drString found in binary or memory: https://aka.ms/
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/Brokered-Authentication-for-Android.
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/D
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/VSSetupErrorReports?q=
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoop
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000000.2039840885.00000000005F2000.00000002.00000001.01000000.00000005.sdmp, vs_setup_bootstrapper.exe.0.drString found in binary or memory: https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoop-InstallVersionHelpLinkUhttps://aka.ms/vs/in
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/adal_token_cache_serialization.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-brokers
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-brokers.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-client-apps
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-interactive-android
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-2-released)
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-3-breaking-changes
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-3-breaking-changes.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change).
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-changea
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-4x-cache-breaking-change
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-4x-cache-breaking-changeZ
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-application-configuration
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-application-configuration.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-authority-override
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-b2c
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-brokers
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-cca-token-cache-serialization
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-cca-token-cache-serialization.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-client-credentials
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-client-credentials.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-custom-instance-metadata
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-custom-web-ui.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-device-code-flow
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-enable-keychain-access
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-enable-keychain-groups
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-experimental-features
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-invalid-client
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-ios-13-broker
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-ios-broker.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-iwa
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-iwa-troubleshooting
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-logging.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-long-running-obo
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-os-browser
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-os-browser.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-pop
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-pop.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-region-discovery
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-ropc
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-signed-assertion.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-system-browsers
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-telemetry.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-telemetry.M
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-throttling.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-throttling.JNo
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-token-cache-serialization
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-up
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-up.
      Source: Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://aka.ms/msal-net-wam
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://aka.ms/msal-net-wam#parent-window-handles
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://aka.ms/msal-net-wam#troubleshooting
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://aka.ms/msal-net-wam#wam-limitations
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-webview2
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net-xamarin
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-net/ccsRouting.
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/msal-statemismatcherror
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.ms/net-cache-persistence-errors.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/
      Source: VisualStudioSetup.exe, 00000000.00000003.2036722456.0000000004C87000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2036581027.0000000004BFD000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2037300636.0000000004C67000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.json.0.dr, vs_setup_bootstrapper_202405231229282350.json.2.drString found in binary or memory: https://aka.ms/vs/17/release/channel
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.config.0.dr, dd_bootstrapper_20240523122858.log.2.drString found in binary or memory: https://aka.ms/vs/17/release/installer
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://aka.ms/vs/arm
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/arm/DriveAccessibilityCheckmPrecheck:
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://aka.ms/vs/arm64SSU
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/arm64SSU5BackgroundDownloadPrecheck
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://aka.ms/vs/channels
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/channels3packageProgressCollection
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/cleanup
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000000.2039840885.00000000005F2000.00000002.00000001.01000000.00000005.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe.0.drString found in binary or memory: https://aka.ms/vs/config/v2/
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/vs/install/latest/installer
      Source: vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/vs/installer/latest/feed
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vs/installer/latest/feed)latestInstaller.json
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://aka.ms/vsinstallation-webview2)
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://aka.msa/msal-net-3x-cache-breaking-change
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E5C000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net
      Source: vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://az667904.vo.msecnd.net/pub-v
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C1B4000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C10C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C1B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json-
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4487264572.0000000007C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json.errormarker
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4487264572.0000000007C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json.errormarkerE
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json.errormarkerd
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4487264572.0000000007C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json.errormarkerq
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.00000000030BB000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.jsonC:
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C164000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.jsonLMEM
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.jsond
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.net:443/pub/Default/v2/dyntelconfig.jsond
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az667904.vo.msecnd.netD
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E5C000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net
      Source: Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://az700632.vo.msecnd.net/pub
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.00000000030BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json)
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C192000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json.errormarker
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json.errormarkerG
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json.errormarkerd
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json.errormarkero
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json1&
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json5
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonA
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.00000000030BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonC:
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonE
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4487264572.0000000007CCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonLMEM
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonP
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonX&
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsond
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonn
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4491281578.000000000C073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.jsonv&9
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.net:443/pub/RemoteSettings/RemoteSettings_Installer.jsond
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://az700632.vo.msecnd.netD
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://dc.services.visualstudio.com/v2/track
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://dc.services.visualstudio.com/v2/trackWDequeueAndSend:
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481871499.0000000005962000.00000002.00000001.01000000.0000000D.sdmp, Microsoft.VisualStudio.Utilities.Internal.dll.0.drString found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/CommonInternalUtilities
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4483906144.00000000060D2000.00000002.00000001.01000000.00000010.sdmp, Microsoft.VisualStudio.RemoteControl.dll.0.drString found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/VSRemoteControl
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4483906144.00000000060D2000.00000002.00000001.01000000.00000010.sdmp, Microsoft.VisualStudio.RemoteControl.dll.0.drString found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/VSRemoteControlR
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/VSTelemetryAPI
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://enterpriseregistration.windows.net/
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.IdentityModel.Abstractions.dll.0.drString found in binary or memory: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Extensions.Msal.dll.0.drString found in binary or memory: https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Extensions.Msal.dll.0.drString found in binary or memory: https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnetf
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet7
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://github.com/AzureAD/microsoft-authentication-library-for-dotnetq
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4482262211.0000000005A22000.00000002.00000001.01000000.0000000C.sdmp, Newtonsoft.Json.dll.0.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://github.com/dotnet/corefx/tree/32b4919
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4482080659.00000000059B2000.00000002.00000001.01000000.0000000E.sdmp, System.Memory.dll.0.drString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4482080659.00000000059B2000.00000002.00000001.01000000.0000000E.sdmp, System.Memory.dll.0.drString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
      Source: VisualStudioSetup.exeString found in binary or memory: https://go.m
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4480241119.00000000053F2000.00000002.00000001.01000000.0000000B.sdmp, Microsoft.VisualStudio.Setup.Download.dll.0.drString found in binary or memory: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
      Source: Microsoft.Identity.Client.Extensions.Msal.dll.0.drString found in binary or memory: https://login.microsoftonline.com/common
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com/common.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com/common/&Authentication-Info
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com/common/-invalid_authority_type=Unsupported
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/nativeclient3urn:ietf:wg:oauth:2.0:oob
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.drString found in binary or memory: https://login.microsoftonline.com/commonSetCorrelationIdd
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drString found in binary or memory: https://login.microsoftonline.com/consumers
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drString found in binary or memory: https://login.microsoftonline.com/consumersinvalidEnvfailedaadinvalidCodemissingWindowHandleservice:
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.drString found in binary or memory: https://login.microsoftonline.com/consumersinvalidEnvwinrtExceptionsucceededinvalidCodemissingWindow
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.drString found in binary or memory: https://login.microsoftonline.com/consumerssucceededwinrtExceptionmissingWindowHandleinvalidCodeIsFe
      Source: Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com/dsts/
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAht
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.drString found in binary or memory: https://login.windows.localAbi_GetAllAccountsUnexpected
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.drString found in binary or memory: https://login.windows.localAbi_GetDefaultAccountProviderUnexpected
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drString found in binary or memory: https://login.windows.localAbi_RequestTokenInteractivelyAsyncException
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drString found in binary or memory: https://marketplace.visualstudio.com
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drString found in binary or memory: https://sso2urn:ietf:wg:oauth:2.0:oobxhttps://login.microsoftonline.com/common/oauth2/nativeclient
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://targetednotifications-tm.trafficmanager.net
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E45000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E5C000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002AD8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA0000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002E3E000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://targetednotifications-tm.trafficmanager.net/api/values
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://targetednotifications-tm.trafficmanager.net/api/valuesd
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://targetednotifications-tm.trafficmanager.netD
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://visualstudio-devdiv-c2s.msedge.net/ab
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drString found in binary or memory: https://visualstudio-devdiv-c2s.msedge.net/ab(DisabledFlights.json
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/json
      Source: Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Extensions.Msal.dll.0.drString found in binary or memory: https://www.nuget.org/packages/Microsoft.Identity.Client.Extensions.Msal/
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr, Microsoft.Identity.Client.Broker.dll.0.drString found in binary or memory: https://www.nuget.org/packages/Microsoft.Identity.Client/
      Source: Microsoft.Identity.Client.dll.0.dr, Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

      System Summary

      Source: C:\Windows\SysWOW64\getmac.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: String function: 00933038 appears 55 times
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: String function: 0090DCD9 appears 36 times
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: String function: 0091E5D0 appears 35 times
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: String function: 6C6D5420 appears 34 times
      Source: VisualStudioSetup.exeBinary or memory string: OriginalFilename vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_setup_bootstrapper.exe< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.C2RSignatureReader.Interop.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.C2RSignatureReader.Native.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Identity.Client.Broker.dllp( vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Identity.Client.dllb! vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Identity.Client.Extensions.Msal.dllt* vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Identity.Client.NativeInterop.dllp( vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.IdentityModel.Abstractions.dllP vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.RemoteControl.dllT vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.Setup.Common.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.Setup.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.Setup.Download.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.Telemetry.dllb! vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.VisualStudio.Utilities.Internal.dllt* vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2036722456.0000000004C87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_setup_bootstrapper.resources.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000000.2012918430.000000000093B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamevs_enterprise.exef# vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsalruntime.dll8 vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsalruntime.dll8 vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2036581027.0000000004BFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_setup_bootstrapper.resources.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsalruntime.dll8 vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Memory.dllT vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Runtime.CompilerServices.Unsafe.dll@ vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVSInstallerElevationService.Contracts.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_setup_bootstrapper.resources.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamevs_enterprise.exef# vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2037300636.0000000004C67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_setup_bootstrapper.resources.dll< vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exe, 00000000.00000003.2013386833.0000000004BCD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevs_enterprise.exef# vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exeBinary or memory string: OriginalFilenamevs_enterprise.exef# vs VisualStudioSetup.exe
      Source: VisualStudioSetup.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: classification engineClassification label: sus28.troj.evad.winEXE@7/78@0/0
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0090E573 FormatMessageW,GetLastError,LocalFree,0_2_0090E573
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dyntelconfig[1].cache
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMutant created: NULL
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMutant created: \Sessions\1\BaseNamedObjects\Global\55F58BAB-BDB9-47D5-B85E-B4D8234E8FAA
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMutant created: \Sessions\1\BaseNamedObjects\Global\7BCAEF5B-E7EA-428D-84AF-105BCD4D93FC-RemoteSettings_Installer-json
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3408:120:WilError_03
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMutant created: \Sessions\1\BaseNamedObjects\_675531BB6E734D2F846AB8511A8963FD_C:_Users_user_AppData_Local_Microsoft_VSApplicationInsights_vstelf3e86b4023cc43f0be495508d51f588a
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile created: C:\Users\user\AppData\Local\Temp\dd_VisualStudioSetup_decompression_log.txt
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCommand line argument: temp0_2_00909219
      Source: VisualStudioSetup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: vs_setup_bootstrapper.exeString found in binary or memory: https://aka.ms/vs/installer/latest/feed
      Source: vs_setup_bootstrapper.exeString found in binary or memory: modify --installPath "
      Source: vs_setup_bootstrapper.exeString found in binary or memory: repair --installPath "
      Source: vs_setup_bootstrapper.exeString found in binary or memory: Non-installable {0}, PlannedAction: {1}.
      Source: vs_setup_bootstrapper.exeString found in binary or memory: uninstall --installPath "
      Source: vs_setup_bootstrapper.exeString found in binary or memory: /online /quiet /norestart /add-package /packagepath:"
      Source: vs_setup_bootstrapper.exeString found in binary or memory: resume --installPath
      Source: vs_setup_bootstrapper.exeString found in binary or memory: --installSessionId {0}
      Source: vs_setup_bootstrapper.exeString found in binary or memory: VS-Platform-Installer/
      Source: vs_setup_bootstrapper.exeString found in binary or memory: export-installationconfiguration
      Source: vs_setup_bootstrapper.exeString found in binary or memory: latest-installer-feed-download-error
      Source: vs_setup_bootstrapper.exeString found in binary or memory: create-installershortcut-error
      Source: vs_setup_bootstrapper.exeString found in binary or memory: elevated-install-product
      Source: vs_setup_bootstrapper.exeString found in binary or memory: delete-installershortcut-error
      Source: vs_setup_bootstrapper.exeString found in binary or memory: vs/telemetryapi/manifest/load
      Source: vs_setup_bootstrapper.exeString found in binary or memory: vs/core/extension/installed
      Source: vs_setup_bootstrapper.exeString found in binary or memory: VS/TelemetryApi/LoadCommonProps
      Source: vs_setup_bootstrapper.exeString found in binary or memory: S/TelemetryApi/LoadCommonProps
      Source: vs_setup_bootstrapper.exeString found in binary or memory: VS/TelemetryApi/Manifest/Load
      Source: vs_setup_bootstrapper.exeString found in binary or memory: VS/TelemetryApi/LoadCommonProps/Fault
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File read: C:\Users\user\Desktop\VisualStudioSetup.exe
      Source: unknown Process created: C:\Users\user\Desktop\VisualStudioSetup.exe "C:\Users\user\Desktop\VisualStudioSetup.exe"
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Process created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe "C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop"
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Process created: C:\Windows\SysWOW64\getmac.exe "getmac"
      Source: C:\Windows\SysWOW64\getmac.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\getmac.exe Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Section loaded: cabinet.dll, version.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, feclient.dll, iertutil.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, msasn1.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, netapi32.dll, dsreg.dll, msvcp110_win.dll, rasapi32.dll, rasman.dll, rtutils.dll, microsoft.c2rsignaturereader.native.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, ntmarta.dll, wbemcomn.dll, amsi.dll, userenv.dll, wininet.dll, sspicli.dll, iertutil.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, wkscli.dll, netutils.dll, dwrite.dll, msvcp140_clr0400.dll, dwmapi.dll, d3d9.dll, d3d10warp.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, gpapi.dll, wtsapi32.dll, winsta.dll, powrprof.dll, umpdc.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, resourcepolicyclient.dll, dxcore.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, msctfui.dll, uiautomationcore.dll, propsys.dll, winmm.dll, d3dcompiler_47.dll
      Source: C:\Windows\SysWOW64\getmac.exe Section loaded: sspicli.dll, wkscli.dll, netutils.dll, mpr.dll, framedynos.dll, srvcli.dll, kernel.appcore.dll, uxtheme.dll, wbemcomn.dll, amsi.dll, userenv.dll, profapi.dll, version.dll
      Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, amsi.dll, userenv.dll, profapi.dll, version.dll, sspicli.dll, ntmarta.dll, esscli.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: VisualStudioSetup.exe Static PE information: certificate valid
      Source: initial sample Static PE information: Valid certificate with Microsoft Issuer
      Source: VisualStudioSetup.exe Static file information: File size 4004568 > 1048576
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: VisualStudioSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: VisualStudioSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\1\s\_builds\windows-x64\msalruntime\bin\RelWithDebInfo\msalruntime.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.dr
      Source: Binary string: /_/src/client/Microsoft.Identity.Client.Broker/obj/Release/net461/Microsoft.Identity.Client.Broker.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\C2RSignatureReader.Interop\obj\Release\net472\Microsoft.C2RSignatureReader.Interop.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479193886.0000000005112000.00000002.00000001.01000000.0000000A.sdmp, Microsoft.C2RSignatureReader.Interop.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\C2RSignatureReader.Native\bin\Release\Win32\Microsoft.C2RSignatureReader.Native.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4496447586.000000006C6E2000.00000002.00000001.01000000.00000011.sdmp, Microsoft.C2RSignatureReader.Native.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4482080659.00000000059B2000.00000002.00000001.01000000.0000000E.sdmp, System.Memory.dll.0.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4482262211.0000000005A22000.00000002.00000001.01000000.0000000C.sdmp, Newtonsoft.Json.dll.0.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4482262211.0000000005A22000.00000002.00000001.01000000.0000000C.sdmp, Newtonsoft.Json.dll.0.dr
      Source: Binary string: D:\a\1\s\_builds\windows-x86\msalruntime\interop\net\obj\Win32\RelWithDebInfo\net461\Microsoft.Identity.Client.NativeInterop.pdbSHA256J source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.NativeInterop.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\Microsoft.VisualStudio.RemoteControl\Release\net45\Microsoft.VisualStudio.RemoteControl.pdbSHA256 source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4483906144.00000000060D2000.00000002.00000001.01000000.00000010.sdmp, Microsoft.VisualStudio.RemoteControl.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\Setup.Bootstrapper\obj\Release\net472\vs_setup_bootstrapper.pdb7 source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe.0.dr
      Source: Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net472\Microsoft.VisualStudio.Setup.Download.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4480241119.00000000053F2000.00000002.00000001.01000000.0000000B.sdmp, Microsoft.VisualStudio.Setup.Download.dll.0.dr
      Source: Binary string: /_/src/Microsoft.Identity.Client.Extensions.Msal/obj/Release/net45/Microsoft.Identity.Client.Extensions.Msal.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Extensions.Msal.dll.0.dr
      Source: Binary string: /_/src/client/Microsoft.Identity.Client/obj/Release/net461/Microsoft.Identity.Client.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\src\Microsoft.VisualStudio.Utilities.Internal\Release\net45\Microsoft.VisualStudio.Utilities.Internal.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481871499.0000000005962000.00000002.00000001.01000000.0000000D.sdmp, Microsoft.VisualStudio.Utilities.Internal.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb* source: VisualStudioSetup.exe
      Source: Binary string: /_/src/Microsoft.IdentityModel.Abstractions/obj/Release/net472/Microsoft.IdentityModel.Abstractions.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.IdentityModel.Abstractions.dll.0.dr
      Source: Binary string: D:\a\1\s\_builds\windows-x86\msalruntime\bin\RelWithDebInfo\msalruntime_x86.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb source: VisualStudioSetup.exe
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481054308.00000000055D2000.00000002.00000001.01000000.0000000F.sdmp, System.Runtime.CompilerServices.Unsafe.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\Setup.Bootstrapper\obj\Release\net472\vs_setup_bootstrapper.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe.0.dr
      Source: Binary string: D:\a\_work\1\s\src\Setup.Common\obj\Release\net472\Microsoft.VisualStudio.Setup.Common.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4480495615.0000000005442000.00000002.00000001.01000000.00000008.sdmp, Microsoft.VisualStudio.Setup.Common.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481054308.00000000055D2000.00000002.00000001.01000000.0000000F.sdmp, System.Runtime.CompilerServices.Unsafe.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\VSInstallerElevationRequestService.Contracts\obj\Release\net472\VSInstallerElevationService.Contracts.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, VSInstallerElevationService.Contracts.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\src\Setup\obj\Release\net472\Microsoft.VisualStudio.Setup.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\src\Microsoft.VisualStudio.Telemetry\Release\net45\Microsoft.VisualStudio.Telemetry.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4483058233.0000000005FB7000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.dr
      Source: Binary string: /_/src/Microsoft.Identity.Client.Extensions.Msal/obj/Release/net45/Microsoft.Identity.Client.Extensions.Msal.pdbSHA256 source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Extensions.Msal.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\src\Microsoft.VisualStudio.Utilities.Internal\Release\net45\Microsoft.VisualStudio.Utilities.Internal.pdbSHA256x source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481871499.0000000005962000.00000002.00000001.01000000.0000000D.sdmp, Microsoft.VisualStudio.Utilities.Internal.dll.0.dr
      Source: Binary string: /_/src/client/Microsoft.Identity.Client.Broker/obj/Release/net461/Microsoft.Identity.Client.Broker.pdbSHA256 source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.Broker.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\Microsoft.VisualStudio.RemoteControl\Release\net45\Microsoft.VisualStudio.RemoteControl.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4483906144.00000000060D2000.00000002.00000001.01000000.00000010.sdmp, Microsoft.VisualStudio.RemoteControl.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\obj\src\Microsoft.VisualStudio.Telemetry\Release\net45\Microsoft.VisualStudio.Telemetry.pdbSHA256{v source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4483058233.0000000005FB7000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.dr
      Source: Binary string: D:\a\1\s\_builds\windows-x86\msalruntime\interop\net\obj\Win32\RelWithDebInfo\net461\Microsoft.Identity.Client.NativeInterop.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.NativeInterop.dll.0.dr
      Source: Binary string: /_/src/client/Microsoft.Identity.Client/obj/Release/net461/Microsoft.Identity.Client.pdbSHA256so source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr
      Source: Binary string: /_/src/Microsoft.IdentityModel.Abstractions/obj/Release/net472/Microsoft.IdentityModel.Abstractions.pdbSHA256Hw[ source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.IdentityModel.Abstractions.dll.0.dr
      Source: Binary string: D:\a\1\s\_builds\windows-arm64\msalruntime\bin\RelWithDebInfo\msalruntime_arm64.pdb source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr
      Source: vs_setup_bootstrapper.exe.0.dr Static PE information: 0x8DB2A9C3 [Tue May 2 00:05:23 2045 UTC]
      Source: VisualStudioSetup.exe Static PE information: section name: .boxld01
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_00933001 push ecx; ret 0_2_00933014
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Code function: 0_2_00903C7D push esi; ret 0_2_00903C86
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_053F5803 push es; retn 0002h 2_2_053F5957
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_059652A5 push 0000002Fh; ret 2_2_05965306
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_05963F66 push 0000006Fh; retn 0000h 2_2_059640AC
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060D4550 push 00000012h; ret 2_2_060D4742
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_6C6D5466 push ecx; ret 2_2_6C6D5479
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_6C6E0CE3 push ecx; ret 2_2_6C6E0CF6
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_053EBBE9 pushad ; ret 2_2_053EBBEA
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060E4520 pushfd ; iretd 2_2_060E4529
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060EC590 push es; ret 2_2_060EC5A0
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060E4CE0 pushfd ; iretd 2_2_060E4CED
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060E9DA1 push es; ret 2_2_060E9DB0
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_060EB840 push es; ret 2_2_060EB850
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_061BC647 pushfd ; ret 2_2_061BC739
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_061B53E0 push es; ret 2_2_061B53F0
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Code function: 2_2_0683E503 pushad ; retf 2_2_0683E509
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Newtonsoft.Json.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Memory.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe File created: C:\Users\user\AppData\Local\Temp\dd_VisualStudioSetup_decompression_log.txt
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\getmac.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Windows\SysWOW64\getmac.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
      Source: C:\Windows\SysWOW64\getmac.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
      Source: C:\Windows\SysWOW64\getmac.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_NetworkAdapter.DeviceID="1"} WHERE ResultClass=Win32_NetworkAdapterConfiguration
      Source: C:\Windows\SysWOW64\getmac.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapterSetting where Element="Win32_NetworkAdapter.DeviceID=\"1\""
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMemory allocated: F70000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMemory allocated: 2A10000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMemory allocated: 1000000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_05965E18 rdtsc 2_2_05965E18
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeWindow / User API: threadDelayed 5142Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeWindow / User API: threadDelayed 4536Jump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Newtonsoft.Json.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Memory.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dllJump to dropped file
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-19243
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeAPI coverage: 6.8 %
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe TID: 4524Thread sleep time: -15679732462653109s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe TID: 3596Thread sleep time: -1844674407370954s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe TID: 3596Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Version,SerialNumber from Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Product from Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0090CAD9 FindFirstFileW,GetLastError,FindNextFileW,CloseHandle,FindClose,0_2_0090CAD9
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0090EB72 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,GetLastError,0_2_0090EB72
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0092A58A FindFirstFileExW,0_2_0092A58A
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6DA1EA FindFirstFileExW,2_2_6C6DA1EA
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_00911284 __EH_prolog3_GS,GetSystemInfo,0_2_00911284
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15Jump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0Jump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: PostVirtualMachineTypeTelemetry
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: InitializeVirtualMachineTypeValue
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, getmac.exe, 00000003.00000002.2058331353.0000000003357000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000003.2055963306.0000000003356000.00000004.00000020.00020000.00000000.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: Hyper-V
      Source: Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: VMware
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $cq"VS.Core.Machine.VirtualMachineType
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drBinary or memory string: uTimed out while querying for Hyper-V feature availability.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drBinary or memory string: SELECT Name FROM Win32_OptionalFeature WHERE Name = 'Microsoft-Hyper-V'
      Source: getmac.exe, 00000003.00000003.2055779123.0000000003374000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000002.2060920729.0000000003374000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SetPropValue.sSubKeyName("SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage");
      Source: getmac.exe, 00000003.00000003.2055779123.0000000003374000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000002.2060920729.0000000003374000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage"
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: isVirtualMachine
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: virtualMachineTypeValue
      Source: getmac.exe, 00000003.00000002.2058331353.0000000003357000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000003.2055963306.0000000003356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drBinary or memory string: 4Hyper-V is not supported by the current environment.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: IsVirtualMachinePropertyName
      Source: getmac.exe, 00000003.00000003.2055709976.0000000003397000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000003.2055583804.0000000003391000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: __PARAMETERSSYSTEM\CurrentControlSet\Services\Hyper-V\LinkageExport1
      Source: vs_setup_bootstrapper.exe, 00000002.00000002.4483058233.0000000005FC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: IsDevBoxAVS.Core.Machine.Processor.FamilyGVS.Core.Machine.Processor.Frequency?VS.Core.Machine.Processor.ModelEVS.Core.Machine.Processor.Stepping;VS.Core.Machine.VM.AzureImage1VS.Core.Win365.PartnerId-VS.Core.Win365.SkuName)VS.Core.Machine.IsVMEVS.Core.Machine.VirtualMachineType]HARDWARE\DESCRIPTION\System\CentralProcessor\0'ProcessorNameStringSSOFTWARE\Microsoft\VisualStudio\Telemetry!AzureVMImageNameNone
      Source: Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: vmware-
      Source: vs_setup_bootstrapper.exeBinary or memory string: VS.Core.Machine.VirtualMachineType
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: VirtualMachineTypePropertyName
      Source: getmac.exe, 00000003.00000002.2058331353.0000000003357000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000003.2055963306.0000000003356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_NetworkProtocolHyper-V RAWHyper-VRAWHyper-V RAW
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: IsVirtualMachine
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: GetVirtualMachineTypeValue
      Source: getmac.exe, 00000003.00000003.2055709976.0000000003397000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000003.00000003.2055583804.0000000003391000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: NoneRSOFTWARE\Microsoft\VisualStudio\Telemetry8VS.Core.Machine.Architecture(VS.Core.Machine.IsVMDVS.Core.Machine.VirtualMachineType
      Source: vs_setup_bootstrapper.exeBinary or memory string: Unable to query for Hyper-V feature availability: {0}
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drBinary or memory string: kUnable to query for Hyper-V feature availability: {0}
      Source: vs_setup_bootstrapper.exeBinary or memory string: S.Core.Machine.VirtualMachineType
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: InitializeVirtualMachineType
      Source: vs_setup_bootstrapper.exeBinary or memory string: Timed out while querying for Hyper-V feature availability.
      Source: VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drBinary or memory string: virtualMachineType
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_00927941 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00927941
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0092B82C mov eax, dword ptr fs:[00000030h]0_2_0092B82C
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_00926FA5 mov ecx, dword ptr fs:[00000030h]0_2_00926FA5
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0092B7E8 mov eax, dword ptr fs:[00000030h]0_2_0092B7E8
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6D9D78 mov eax, dword ptr fs:[00000030h]2_2_6C6D9D78
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6D885B mov ecx, dword ptr fs:[00000030h]2_2_6C6D885B
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0090C823 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapReAlloc,ReadFile,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetLastError,GetProcessHeap,RtlFreeHeap,0_2_0090C823
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0091E257 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0091E257
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0091E3F6 SetUnhandledExceptionFilter,0_2_0091E3F6
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0091DC5E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0091DC5E
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6D5092 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6C6D5092
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6D813E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C6D813E
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeCode function: 2_2_6C6D5298 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C6D5298
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_009097A6 SetEnvironmentVariableW,GetLastError,SetEnvironmentVariableW,GetLastError,SetEnvironmentVariableW,GetLastError,SetEnvironmentVariableW,GetLastError,SetEnvironmentVariableW,GetLastError,ExpandEnvironmentStringsW,GetLastError,ExpandEnvironmentStringsW,CoInitializeEx,ShellExecuteExW,GetProcessId,Sleep,WaitForSingleObject,GetExitCodeProcess,CloseHandle,0_2_009097A6
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe "C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop"Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeProcess created: C:\Windows\SysWOW64\getmac.exe "getmac"Jump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exeCode function: 0_2_0091E62B cpuid 0_2_0091E62B
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Newtonsoft.Json.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Memory.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_24b8e7e77c3c4e358bd5e1de0726ac88.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_24b8e7e77c3c4e358bd5e1de0726ac88.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_631515a6268b4bc5adba92a40c352661.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_98a010cee40f4f95af445d881a41a2d6.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_98a010cee40f4f95af445d881a41a2d6.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_c12eac8f38804f6bb862d19c21f1fcfe.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_86a9129f4885435c9ed3a73cbce6d3ba.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_86a9129f4885435c9ed3a73cbce6d3ba.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_6c47a1a998644fd49bfd1efaf289c838.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_3a72124a56384c98b712ff34cb5c41c9.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_3a72124a56384c98b712ff34cb5c41c9.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_7d750e310097423c95c14a6bca305e4e.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_6b5e978452e84cb397f54a326fe6931c.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_6b5e978452e84cb397f54a326fe6931c.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_43ccb07acb9945aa9c8b44353104deb8.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_e0da717c5d50411ebf74d5aca452db70.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_e0da717c5d50411ebf74d5aca452db70.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_b3cff21c83bf4353905574a9020524ee.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_b3cff21c83bf4353905574a9020524ee.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.tmp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_5f3fe5b349b74f4c8f0b9c89bf97638f.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_5f3fe5b349b74f4c8f0b9c89bf97638f.trn VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe; Code function: 0_2_0090DC5D GetLocalTime,0_2_0090DC5D
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe; Code function: 0_2_0090E656 GetTimeZoneInformation,GetSystemTime,SystemTimeToTzSpecificLocalTime,GetSystemTime,0_2_0090E656
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe; Code function: 0_2_0090D9AF GetVersionExW,GetModuleHandleW,GetProcAddress,GetCurrentProcess,IsWow64Process,IsWow64Process,GetLastError,0_2_0090D9AF
      Source: C:\Users\user\Desktop\VisualStudioSetup.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe; Code function: 2_2_6C6D16B0 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ,__ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,2_2_6C6D16B0
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 11 Process Injection | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 36 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Newtonsoft.Json.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Memory.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dll | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      No contacted domains info
      Name | Source | Malicious | Antivirus Detection | Reputation
      • Avira URL Cloud: safe
      unknown
      https://www.nuget.org/packages/Microsoft.Identity.Client/VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr, Microsoft.Identity.Client.Broker.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-brokersMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-ropcMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoopvs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJurn:oasis:names:tVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2005/02/trust/Issuehttp://schemas.xmlsoap.org/ws/2005/05/identity/NoPrVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com/commonSetCorrelationIddVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-xamarinVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-application-configuration.Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKeyVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-pop.VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com/common/-invalid_authority_type=UnsupportedVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/arm/DriveAccessibilityCheckmPrecheck:VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.0.drfalse
      • URL Reputation: safe
      unknown
      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drfalse
      • URL Reputation: safe
      unknown
      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issuewsdl:definitionswsp:PolicyxmlUnableVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_x86.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-client-credentialsMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-logging.Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-cca-token-cache-serializationVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://marketplace.visualstudio.comVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAhtVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/install/latest/installervs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A11000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/AzureAD/microsoft-authentication-library-for-dotnetVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.dr, Microsoft.Identity.Client.Broker.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://go.mVisualStudioSetup.exefalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuehttp://docs.oasis-open.org/ws-sx/ws-trust/20051VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/AzureAD/microsoft-authentication-library-for-dotnet7VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-4x-cache-breaking-changeMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com/common/oauth2/nativeclient3urn:ietf:wg:oauth:2.0:oobVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/config/v2/VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000000.2039840885.00000000005F2000.00000002.00000001.01000000.00000005.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/installer/latest/feedvs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://devdiv.visualstudio.com/DevDiv/_git/CommonInternalUtilitiesVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4481871499.0000000005962000.00000002.00000001.01000000.0000000D.sdmp, Microsoft.VisualStudio.Utilities.Internal.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-invalid-clientMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-long-running-oboMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/soap/httpsoap12:bindingFoundVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-3x-cache-breaking-changeaVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/17/release/installervs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002A90000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.config.0.dr, dd_bootstrapper_20240523122858.log.2.drfalse
      • Avira URL Cloud: safe
      unknown
      http://aka.ms/vs/setup/layout/errors/missingpackages)Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-client-credentials.Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-up.VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/cleanupVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://www.newtonsoft.com/jsonVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B37A000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.drfalse
      • URL Reputation: safe
      unknown
      https://aka.ms/msal-net/ccsRouting.VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2005/02/trustVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drfalse
      • URL Reputation: safe
      unknown
      https://dc.services.visualstudio.com/v2/trackVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4474669306.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4481181117.00000000055E2000.00000002.00000001.01000000.00000009.sdmp, Microsoft.VisualStudio.Telemetry.dll.0.drfalse
      • URL Reputation: safe
      unknown
      https://aka.ms/vs/armvs_setup_bootstrapper.exefalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-iwaMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com/consumersVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/adal_token_cache_serialization.Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/dotnet/corefx/tree/32b4919vs_setup_bootstrapper.exefalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-wamMicrosoft.Identity.Client.Broker.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoop-InstallVersionHelpLinkUhttps://aka.ms/vs/inVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000000.2039840885.00000000005F2000.00000002.00000001.01000000.00000005.sdmp, vs_setup_bootstrapper.exe.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/IssueVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000AF9D000.00000004.00000020.00020000.00000000.sdmp, VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000B1DC000.00000004.00000020.00020000.00000000.sdmp, msalruntime_arm64.dll.0.dr, msalruntime_x86.dll.0.dr, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-region-discoveryMicrosoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/msal-net-webview2VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Identity.Client.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/installer/latest/feed)latestInstaller.jsonVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://microsVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, vs_setup_bootstrapper.exe, 00000002.00000002.4480241119.00000000053F2000.00000002.00000001.01000000.0000000B.sdmp, Microsoft.VisualStudio.Setup.Download.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://aka.ms/vs/channels3packageProgressCollectionVisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, vs_setup_bootstrapper.exe, 00000002.00000002.4479260656.0000000005132000.00000002.00000001.01000000.00000007.sdmp, Microsoft.VisualStudio.Setup.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://login.microsoftonline.com/consumersinvalidEnvfailedaadinvalidCodemissingWindowHandleservice:VisualStudioSetup.exe, 00000000.00000003.2034965309.000000000A7B3000.00000004.00000020.00020000.00000000.sdmp, msalruntime.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      No contacted IP infos
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1446645
      Start date and time:2024-05-23 18:28:05 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 10m 50s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:10
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:VisualStudioSetup.exe
      Detection:SUS
      Classification:sus28.troj.evad.winEXE@7/78@0/0
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 534
      • Number of non-executed functions: 45
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Override analysis time to 240000 for current running targets taking high CPU consumption
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 152.199.19.161, 184.28.89.167, 13.85.16.224, 20.189.173.17, 20.189.173.14, 20.42.128.98, 51.105.71.137, 23.43.62.58, 20.189.173.13, 40.79.141.154, 2.18.97.227, 13.89.179.13
      • Excluded domains from analysis (whitelisted): waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com, slscr.update.microsoft.com, onedscolprdwus22.westus.cloudapp.azure.com, mobile.events.data.microsoft.com, e11290.dspg.akamaiedge.net, onedscolprduks03.uksouth.cloudapp.azure.com, onedscolprdfrc06.francecentral.cloudapp.azure.com, go.microsoft.com, onedscolprdcus21.centralus.cloudapp.azure.com, ocsp.digicert.com, waws-prod-sn1-111.southcentralus.cloudapp.azure.com, az700632-pme.ec.azureedge.net, fs.microsoft.com, onedscolprdwus13.westus.cloudapp.azure.com, az667904.vo.msecnd.net, ctldl.windowsupdate.com, az700632.vo.msecnd.net, targetednotifications-tm.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, az700632-pme.azureedge.net, az667904-pme.ec.azureedge.net, onedscolprdwus12.westus.cloudapp.azure.com, go.microsoft.com.edgekey.net, mobile.events.data.trafficmanager.net, az667904-pme.azureedge.net, cs9.wpc.v0cdn.net
      • Not all processes were analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing behavior information.
      • Report size exceeded maximum capacity and may have missing disassembly code.
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.
      • VT rate limit hit for: VisualStudioSetup.exe
      Time | Type | Description
      12:28:58 | API Interceptor | 11445097x Sleep call for process: vs_setup_bootstrapper.exe modified
      No context
      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
      C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll | Busylight4MS_Teams_Setup.msi | Get hash | malicious | Unknown | Browse |
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):163
        Entropy (8bit):4.8414251562385555
        Encrypted:false
        SSDEEP:3:3H9ysxeXutqVROmFXMWApPVxtHqVBC6hFtJ49DRZ8WKTNoBmAy:3HEsxhsVnXMWqPJqVBzt28NTiBmAy
        MD5:BB004C2A7E87D3016E3BDCFD6D9F5251
        SHA1:3C984D00B521893B050B3A4DBB0FDDC283D27865
        SHA-256:ADCF02F322066AEA210E820D7D344F3A0FED05DF18EBD57C053C5C727F232307
        SHA-512:CF3E5786B46BA78D72E6C372C6BB6AB1B6E0B54FA8A88219E0B1B361556B7999BB2F2F99F98B10935C1F5FD481E6890D18BCA1F52C6F4947A2F8D2C5D3B7C72A
        Malicious:false
        Reputation:low
        Preview:{.. "productId": "Microsoft.VisualStudio.Product.Enterprise",. "channelId": "VisualStudio.17.Release",. "channelUri": "https://aka.ms/vs/17/release/channel".}..
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (6080), with CRLF line terminators
        Category:dropped
        Size (bytes):6303
        Entropy (8bit):6.02024307455722
        Encrypted:false
        SSDEEP:192:vgezDjpPw45qU3y3xxv1d7aUWnREKFX7LVW1gg:DDjpPw45byaUWnxhhg
        MD5:988E6569A1D634115016D24CE9E8477E
        SHA1:AD2572E95522FE536AB8052ECAFF68463A6A31CA
        SHA-256:6F0813E579CC842B258C3BA741085EF41CB2455D1BB416638C6B90C4128019E0
        SHA-512:D1326645D2BCF865F9B31E9E167AFC4498C6EDB6D55FF07CDB1D496FAB8BB4DA2C366560B6B5064BB412D323A6FD3DCCD480033810DC3DD048C134D41F885D5E
        Malicious:false
        Reputation:low
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (1776), with CRLF line terminators
        Category:dropped
        Size (bytes):1999
        Entropy (8bit):6.028482294017741
        Encrypted:false
        SSDEEP:48:rRrDLgbgpdsXE9Ty9EO8q7IbE6pfzPQ+G3E7m84ZEKIGt:FOgUXaTaWTbE6pfzy3x/Dx
        MD5:BAE120CD01F5E1CEB97492645DFE3A56
        SHA1:49F89C2B3831A92AD404ACB48AF8D3C28EF81478
        SHA-256:AD1CCDAA87FFC944F750AF7BDC3ED4DC73FB739EFA09C6794FF94DF9B7A4471B
        SHA-512:A018203946BEDC64AA85F2D7B37C087EBDB73E6452D578310D2B07848D90F57FB1DB638F11C0FD09AF6668EF9B7E4EB6918FF6FBAEC8C99E9D8C6B8D26F971B1
        Malicious:false
        Reputation:low
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (5264), with CRLF line terminators
        Category:dropped
        Size (bytes):5487
        Entropy (8bit):6.02335373018705
        Encrypted:false
        SSDEEP:96:FiH+ljUa5v8qlGq2R+/NiUtG7mgiASmI+s3IwFgXnNS92Om5J0ww4Q8aALw6j:a0Lkq26NiUtmgANI+mZ1KDxpaN6j
        MD5:13325C443AC62F9D23C13905C476F7AF
        SHA1:9BFC0EA5DA1F808F22351EBC6664C883984FE568
        SHA-256:92B77194A7462637DF9882C55BEBAD14B097FB2FDAE377A14A90F0FB73030852
        SHA-512:7DEAA5CC8363ADFB7B59AB978EE40A9BA9260CDBB0B55BAE5FCCB4582EF5D2DF54965845434F334A83668BF8998513C77639346386BAB4222E80D627054D3567
        Malicious:false
        Reputation:low
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (3020), with CRLF line terminators
        Category:dropped
        Size (bytes):3243
        Entropy (8bit):6.028276177222301
        Encrypted:false
        SSDEEP:96:FapediBzub/1eIoIU40tBveLCVzNsTeLBrl9q:Q8iBzuUJ40w4zuCLBrPq
        MD5:4181C93DFA8B75A0F6C9AC61D11DD8CC
        SHA1:EE1E5F159CAAB48C1555320E576BBB6001F1B33B
        SHA-256:9367ADDC36BFF24C87BBF0F10C7DC30687A81F0DE5A32CA6D5CC63427FE8E4B0
        SHA-512:F142BC051E6F37805E0E7CB462B324F53BFDFEAF20A675DBB45DF2D4FEC74AF6FDF83D354EC97D97346444AA60887623BAFB4AD11F1438DE9CAE59C2E5A469F3
        Malicious:false
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (1780), with CRLF line terminators
        Category:dropped
        Size (bytes):2003
        Entropy (8bit):6.033051331126503
        Encrypted:false
        SSDEEP:48:rRa2T2vijC73ylIOrxnsCvGdZHV+huwXUAextg:FaG2viMClIJVnVjBrg
        MD5:25FFD863969529538481BF79197E9D98
        SHA1:B0D6D870D2ED354DA8355F8990BB38F9BFFF1CDC
        SHA-256:5D9EA363BFA8DD488B0ABAF9BCE32F7F7C287AA7C4932068F8D9E3575C96C2F1
        SHA-512:AC959B10117C229EDEE79956D455D9726378A57E98A3EE721A54CE26738A0F4C90E8A09D329AB00FFD619127BB9A9A1AFA81D1F1ACE74C742563BBC45CA3C2A9
        Malicious:false
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (3872), with CRLF line terminators
        Category:dropped
        Size (bytes):4095
        Entropy (8bit):6.028414163481429
        Encrypted:false
        SSDEEP:96:FiCjre0d6LN4yctwdod46i8QIC1zRF0y3qmfTqS0LTZCRsY:HrzoE726imezVqm90hY
        MD5:91AC109328A4EE06E90132D6B2450A54
        SHA1:93B53D766A5E97190887D04196199174E373DB8C
        SHA-256:34587009056E89E0B4F1F1E16BC0BFCD3AB23972F1E74E38E32ED6A6BA117F55
        SHA-512:840CE108D870F60396777A0A5D54153C9686D4184FECDE4618B131B382947CAB6544EC308666D93FD417B47403C75085CAE7AC412E3D71E574594CF1F100E801
        Malicious:false
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (2372), with CRLF line terminators
        Category:modified
        Size (bytes):2595
        Entropy (8bit):6.037714656571401
        Encrypted:false
        SSDEEP:48:rRympEcBS3BU6UroIST0GnvYfHSm9Fah1gejKwL3R9/gEBWFIwrjcsGJilPB9:FympEuSS6UrfM07/S/VjKw9+WUdjcjJM
        MD5:07C05499C3310799E8841D07DDC4F4CB
        SHA1:7A00999020BAE95B11B2FA949C4CE6D849C1AA7A
        SHA-256:573B5D2F6E617D6E4A8C815C11331449E267C95E8E4BB59F8305F082067F5B3E
        SHA-512:841DF3CCC5EAAE1E3B582059F62FD2FA1AFBF73FB39A3E6B8A3ED7371F73892FD19A5CDB962A56B04BEBF87760715D8E94D83859F739ED58382DE62EDFFD386E
        Malicious:false
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (2372), with CRLF line terminators
        Category:dropped
        Size (bytes):2595
        Entropy (8bit):6.037714656571401
        Encrypted:false
        SSDEEP:48:rRympEcBS3BU6UroIST0GnvYfHSm9Fah1gejKwL3R9/gEBWFIwrjcsGJilPB9:FympEuSS6UrfM07/S/VjKw9+WUdjcjJM
        MD5:07C05499C3310799E8841D07DDC4F4CB
        SHA1:7A00999020BAE95B11B2FA949C4CE6D849C1AA7A
        SHA-256:573B5D2F6E617D6E4A8C815C11331449E267C95E8E4BB59F8305F082067F5B3E
        SHA-512:841DF3CCC5EAAE1E3B582059F62FD2FA1AFBF73FB39A3E6B8A3ED7371F73892FD19A5CDB962A56B04BEBF87760715D8E94D83859F739ED58382DE62EDFFD386E
        Malicious:false
        Preview:https://events.data.microsoft.com/OneCollector/1.0..Content-Type:application/x-json-stream; charset=utf-8..Content-Encoding:gzip..EndPointAPIKey:f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296....
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1683
        Entropy (8bit):5.145928571702776
        Encrypted:false
        SSDEEP:48:Yhw2S/zNj3keEkb+uABGB6kE+5opULvSjhgjIjG/:QwfzNjRF+uABGBE+8jhgjIjG/
        MD5:AF65449DB44ECD2FB4F484CA985388B8
        SHA1:38AB6997E0EBC79F47848D0EC59A7D2690F3E407
        SHA-256:85ADBB128C2937A1D382E3EFFA7709950CD0743CD52F73FB30055637625CDE75
        SHA-512:29997B5EC9B00E7EB926B229DB5EF4DF233CF5E9F0C7019FE902104DA24C4D2AF0B2B12A618A15EE5E8F14EE4B849B1A497A612CB7FB0FF760A82D99C162A576
        Malicious:false
        Preview:{"FileVersion":"420","ChangesetId":"DA8DEECF","Installer":{"Features":{"__comment":"True enables feature, False turns feature off","RecommendSel":true,"SortWklds:Flight.VSWSortWklds":true,"SortWklds":false,"RecWklds:Flight.VSWRecWklds":true,"RecWklds":false,"Surveys":true,"ShowBitrate:Flight.VSWShowBitrate":true,"ShowBitrate":false,"CloudFirstDesc:Flight.VSWCloudFirstDesc":true,"CloudFirstDesc":false,"CloudNativeDesc:Flight.VSWCloudNativeDesc":true,"CloudNativeDesc":false,"InstallationOptionsPageKS":false,"ProblemsDlgRetry:Flight.VSWProblemsDlgRetry":true,"ProblemsDlgRetry":false,"CommonError":true,"DownloadThenUpdate":true,"BackgroundDownload":true,"EnableVSIXV1Block":true,"SynchronousNgenForP1Activities:Flight.VSSyncNgenTF":true,"SynchronousNgenForP1Activities":false,"WhatsNewProgressLink:Flight.VSWWhatsNewLink":true,"WhatsNewProgressLink":false,"UseNewInstaller:Version.Major > 2 || (Version.Major == 2 && Version.Minor >= 9)":true,"UseNewInstaller":false,"UninstallBanner:Flight.VSWUn
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (20426), with no line terminators
        Category:dropped
        Size (bytes):20426
        Entropy (8bit):4.845481665495392
        Encrypted:false
        SSDEEP:192:flQARiO8X2bOMY6TsjlRKb/XlCNI5fkTZgFHuFh3acGQ49UnZ+WNMj+1xpznbpYV:fl7MOC2qP68mmTFZ+g0DI1x8mij
        MD5:0F60C1785BFFFD823FA7E755801B6033
        SHA1:194326CF1C130DBDE80213B95558B806CD524626
        SHA-256:798D80699F57507A2875688EABA71C7201DB9315C359414DC509E8BFDEF5C49A
        SHA-512:87751FF6772DFAEB73CC5FD26C912610F010D404EFF99BBD781217BA1A7B7B088399AB30159E5C9760368EC06DE99B100AC08B6D45F1949DB3C90C411EC2FCCD
        Malicious:false
        Preview:{"version":100,"FileVersion":"100","ChangesetId":"DA41C9F6","throttlingThresholdPerWindow":2000,"useCollector":"true","rules":[{"name":"SuppressUTCChannel","when":{"not":{"event":"vs/telemetryapi/session/initialized"}},"do":[{"excludeForChannels":["aiasimov"]},{"route":[{"channel":"aivortex","args":{"datapointId":1,"dataType":1,"parameterName":"dummy","truncationRule":0}}]}]},{"name":"Route one event to UTC channel","when":{"event":"vs/telemetryapi/session/initialized"},"do":[{"route":[{"channel":"aiasimov","args":{"datapointId":1,"dataType":1,"parameterName":"dummy","truncationRule":0}},{"channel":"aivortex","args":{"datapointId":1,"dataType":1,"parameterName":"dummy","truncationRule":0}}]}]},{"name":"SuppressVSConnectPiiBreach_Default_01","when":{"and":[{"event":"vs/hub/servicemodule/vsconnect/*"},{"property":"vsconnect.userid","value":{"exists":true}}]},"do":[{"excludeForChannels":["ai","aiasimov","aivortex"]}]},{"name":"SuppressNoisyVSHUB_Default_01","when":{"or":[{"event":"vs/hub/
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):22675
        Entropy (8bit):4.767483556336579
        Encrypted:false
        SSDEEP:192:0l1TJVxYlytyWXXRhjCDAAAl7X6L5Hk7jVP4v8Qsr2C7CFFEbWtGq+PTQ:S4yyWnDYAAAl7X8OXJ+5yxoPKU
        MD5:EEAF8CBF54B4E891FF6BE38CF44E3814
        SHA1:7403EA3866651A9CF02C760721FFDDDCA1FCA5C5
        SHA-256:AAD5B2ACF30EB9C2DD35FF3B5C6C1A76CC4F1AE0AB6F382A635F5C329439F3AF
        SHA-512:349FCEA1EB09619E12815FC467F6E7AA39CF3BAF8B6557D00977438F81142F27C3210492735EAF096BBB0A5525ADDE6C2093072AAA05EDFFC8E753020914A43A
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial, ....;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):23778
        Entropy (8bit):4.336554139736068
        Encrypted:false
        SSDEEP:384:PMw9Bt4xuE0UYui6yNDi62yXGps3QUFAAAt0ui6TV8ReGd7H/+FSq428ydWfdUCo:PMw9BCxuE0E5yND52yXGps3QUFAAAL5r
        MD5:432E50F4764D69625E5143571F823B6A
        SHA1:B0A9336CB2C54AA7F65C2CD3856AE17C47AAD751
        SHA-256:C877FE7CD9544369A42A61B5C51264D74BFCA5B4BC5D4DD1FA703428261D6ABC
        SHA-512:5818F4DA7924CB49AE6606B0A8DF56B9204BF9CDF11B213B5C503E11D43C3088B8196A7350A6F461BA025CB52DABBB14429A128E88CFDBB8CC9FCB7B6398A312
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):25776
        Entropy (8bit):4.043495750684783
        Encrypted:false
        SSDEEP:192:3nydWihwwoX+HispJolcxiQOIGRSbAAACPojTMAnQtBxxxm35yVYphALnTOinO97:3THMGuC1EAAARWhm3nim7V
        MD5:6F489A55562732D253AD828581176A9A
        SHA1:6177FB738ADC650C574D5B29965F3C88AE3518D5
        SHA-256:9502AC0910BCEE0EB3123F7B68A605D71C8DF72FE7B33F4173AFB4A01390581A
        SHA-512:0A3C3A51E09CA5F22A92C9C8CC0BDBBA2FEFE2370479026044F7703C0528C409A2816318FED921C4D3025D27EC535A6CE1BDBF61A7D009AE9D40BA2177E5EB9D
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):23891
        Entropy (8bit):3.84786496220798
        Encrypted:false
        SSDEEP:192:3g3Ug7Sc2oqtSEusFLyvAAACk8esEkotlztW5afPcawa5A+faarX0T:MqpoPE1oAAAaeVkUztCUeaCIax
        MD5:4F7415E811ACBDDED478B40C3E7B287E
        SHA1:D0ED04C38662F1039C40D9AD247B47DC88C6BE5E
        SHA-256:55846D86DBE60B1B663018D72BEFA0F53A61D34A4EB093563B93A41B2FAA34A5
        SHA-512:A0C38D7591347B9A4B7CD906FE95D8F479F0270AEFC39D94D2C28E76E05ABE337E5557D0B24A3CAFEB045F1163094AC79C01A5BD11B28E4C277D430D1668C4C3
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):26328
        Entropy (8bit):4.055670056408705
        Encrypted:false
        SSDEEP:192:36V5ZkFsT9mo+sAghYBVRUeAAAvHo2VDhiqY/T0+XNCAp4vcjpdz1la2yL0cx:KldCPAAAvHJDhmxhl8
        MD5:F3F48126539E0BA3A98DD002FD224C3A
        SHA1:BF8079C93203A9778E44785A449A46729BA3C016
        SHA-256:7A13A7DA236E87310B88E620520C8DAB78F47210C57E1FABBD1AC3162215BAEB
        SHA-512:25A9A2EF201DD5BDED852F6085F424D82EB1F0A10E675300C29113BB190970CEB0D28B4561EBFC5702AC56B16F9E176173B600E3E61F03566EBCAE4E9D5CCC6C
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):25491
        Entropy (8bit):3.9254842994956656
        Encrypted:false
        SSDEEP:192:39DsRDBI2Mq+AAAZ9qEdk2DeDG2DuH7oDHbC3ZzQlZ7ftcXAc+n4OM7:GDBI2p+AAAyErhqpKj
        MD5:88289FD0D816A06C1A7B303397D0C122
        SHA1:DF516CBCDE29787EC24A8AFC744D20F0156D52CA
        SHA-256:DF46CA96704CBEF3B79E0AA7A8B8239E7ACF12899B6C02A063F138C1F0F9FD34
        SHA-512:135D6BBDD528048A1C5F000A14CF014DFA43CA0BC9E5B4957C1D83CA236390090F42861AD86731F500783F4AF2FD693D6141D5D166908C9FF77AC0EC33EC0CB2
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):28452
        Entropy (8bit):4.736129262088269
        Encrypted:false
        SSDEEP:384:PiXi3N1VcoHNqLGAAABRKkzUcV8VXNzw3O:PiXSvAAAidzh
        MD5:92E54A7DB253A0A47C03B44D9651DF3C
        SHA1:FE708E0AC308B7B72CF1BD7F93E2965A67B36CA7
        SHA-256:36C917F205A9C9D5F37788CA45ECD57D0F8EEB498F8320849BBEDF49E012E9F9
        SHA-512:8DF1ACB2DB601F410D765A59941EE5EFAD1D881DEFC9B2A7A02CBC77CFE901EA087CB9134E8C68F4C76D6A410C35E9040D6E55747DEA3CAD6C6E21DA5622045A
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):25428
        Entropy (8bit):4.65895728919786
        Encrypted:false
        SSDEEP:192:3SNN3E3MXOX7ItTwwH+sIhgJ31v6J85AAAUruU1bHi7ID5SZngV0FeF1/1//MTRY:iNbd6+AAAA7nd38mrmbi7u1Da
        MD5:8125E76142C8438863F35CE5B8E63E57
        SHA1:88C104928F0889B2F0565E3D07721E3209995EB9
        SHA-256:929A97C8A9A4EA4F72E2F17DBB20E76E604B7F1255F20874AA1C44AEC0F456C1
        SHA-512:A6A3B8AD6500ADE7D256A774B8D12D07B8596B4BB92AAA849F51864550B16248183B85FB44F7CBC819679265CE04F0614AE2DCF88D496009D1FBDEC75B3C4447
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):25265
        Entropy (8bit):4.176272311552069
        Encrypted:false
        SSDEEP:768:i80fXT6R6UO4m5+QAAAFehnR6BO9S20DputO8EV:ZNDv8EV
        MD5:9147BC24EACE34955B865DAA39DAD8AB
        SHA1:965E855533C6F247A3F4FC785B805096EFC43850
        SHA-256:322DB9FFDB987D0C824A4DE3B8DB40722BCAF95833DCF90E7B5F250A841E592B
        SHA-512:2DC633ABEB49B54EE4AFAA21BB9DD4D43B7769A6DF6CA1F3E777B7AEEABC0B8B0DF2EF405E0FE4D4DEFFC680FB1F3B9E4C4D03D8FB8D13FBC9B11A0711670105
        Malicious:false
        Preview:.<!DOCTYPE HTML>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style>.. body {.. padding-right: 0px;.. padding-left: 0px;.. font-size: 12pt;.. background: #ffffff;.. padding-bottom: 12pt;.. margin: 0px;.. color: #000000;.. padding-top: 0px;.. font-family: Arial, Helvetica, sans-serif;.. }.... .banner {.. padding-right: 0px;.. padding-left: 5px;.. font-weight: bold;.. font-size: 10pt;.. padding-bottom: 6pt;.. width: 100%;.. padding-top: 6pt;.. background-color: #68217A;.. text-align: left;.. }.... .style1 {.. font-family: Arial;.. }.... table, th, td {.. border: 1px solid black;.. }.. </style>..</head>..<body>.. <div class="banner"><a name="top">Microsoft Visu
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):24097
        Entropy (8bit):4.086544539491845
        Encrypted:false
        SSDEEP:192:3GqRxR/RrtRPdMLPkcdwRyXROAAAAbl8vL0U+gVmGjzOYBrF:2q/ZHrcOUoAAAAyvIU+gIGfr
        MD5:C2BDEAA46B13E3CDE01E3DCAA734C0F2
        SHA1:F91BB4CF0C65422A7F16D362903CC8A62E6D3B8B
        SHA-256:5A0802D6CA8D63D8476EEC79BDBD6079A17DC149D5D8C7DF13059D47BBB09F3A
        SHA-512:158A0D568D7C9FA4255299B317AB097FECB13A0072D19E09EF6387F75B0A847580A4C38C63618F4035698D1605F86FC40E723C74666409E0A40753438B4B5A29
        Malicious:false
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):31932
        Entropy (8bit):4.379323773006954
        Encrypted:false
        SSDEEP:384:w9S+s+3hyu9DD5g2To/AAASfBs0ni+J54+FWTVVJdSV/Y8NsfItV:kZLFK2T2AAASJs0nDZy0V
        MD5:66D963430209555CDCB8A5C0219BC60C
        SHA1:B20A6CFCB7A8991D5D347382408E2A4F47D97DF0
        SHA-256:D9AB0A8DB5A8409C5849AA4E1512576225E5B320EA79B0CDC83C2B4848401611
        SHA-512:62658581367DE57DF6BE2521B876B6347658F81FC962BB3274B5C9C576AD94561AAA5352B3440D05F85E79C9B334381CB637E03796662EF2010F8CFFABF9FD2A
        Malicious:false
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):24448
        Entropy (8bit):4.122621632188819
        Encrypted:false
        SSDEEP:192:391SejuqYuGYKCwAAAdfMhLn1M97qkBQlgXLvMfUh:N5f1GZAAAdqLnMzr
        MD5:C7B60E697671394781260D5B2CD21810
        SHA1:71219978A2E4CD53D3D6EC2084DAB672E17935E6
        SHA-256:CCF766B55CB0CC623F2705206A2AF04F2C83801580BC40A5AC20F644B814AB8F
        SHA-512:65F3ADB35F1580BC757D37BB458EB1B2A1BBFAFFB56EB514B9CA55C663ED15AB6D3F7E9557167CDFA7E4FBD8C4EE671B9FBAC20440B62F1129922E4AEBF9BDC2
        Malicious:false
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):22582
        Entropy (8bit):4.737654139029718
        Encrypted:false
        SSDEEP:192:3Z2nCxOLHw1QJdYolo/NAAA3gWXCu7+8xNJUfpF2hMUuQ/8mN6L:p2CxOLHw1kXlgNAAAwaD68xNJGmd6L
        MD5:1BD86FBD65D005648103E050D9BEB9F1
        SHA1:13CAD440B20CFE8337E425430892C946731C0AD8
        SHA-256:740117157B31BD5C634A232A0BA98A692B28ED2B4829EF52372200EB547D07CF
        SHA-512:0BDB59979F5A6ECA3E77C23D0D3463C9D8887C1E65BB12DE3706C1A19067F78ABA63022579E8AE6299CFE7B22F84C19FC947426D22D38D4D753FBDA337175F79
        Malicious:false
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):25647
        Entropy (8bit):3.92888315187818
        Encrypted:false
        SSDEEP:384:Tg6r3hw9RXH+H6VeOgv9AAAK9Btl3efv+HZVPL732bdMiVRXs:eEL9AAAoL3w2+Vs
        MD5:0474106AC825B4F7727FF94576FC15C2
        SHA1:BA346D0AB401DD35D6A7305414C4237177031A68
        SHA-256:A597AA82F35641455E12BD78662A05142F64BC221FF91D4EC4F2A8FA2983297F
        SHA-512:253B9892B92FFDF22FE2444065739368749D6075149D4C647FA89A21EA0324FA4AEF8AF32338DC6AE2EB365ECD0ED1F87CFCAAFBA9DA29009925F92B3FD7FD23
        Malicious:false
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):19376
        Entropy (8bit):6.550112210644083
        Encrypted:false
        SSDEEP:384:Tosnax7ccklKPZhxWNUDpCsKW/6fR9zR40:To1x7suvTm9zW0
        MD5:C5E7C4A539EA834661FE20F994330F7E
        SHA1:E2FF1096F557212DDE051887BFD4A450B23E9277
        SHA-256:BC53C6FB22F4BCE970C87122579CAF785F75CBC91D49F49E54229BA32AC7D447
        SHA-512:7F3F32146637E7393F3F906ECE45780C1082AC661FC8F6D88F469E0CA951E9A6BCBAC4BE8959359559E097EBEEC8EB048407CB3276F0A7007C50298EE1294A07
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):117792
        Entropy (8bit):6.5070507590422
        Encrypted:false
        SSDEEP:3072:hZVQojfmVq0UiGkGfFordfsbflBf1i4EtV5G:53IqtkOodubf0ht
        MD5:AABFD8A438AE79B4F236EC3B45544DD2
        SHA1:32B026AB6DD4CE60C16FA48690F32632F7F4AC17
        SHA-256:95CB344B58ED754E25F60C44F32303DE9E65DA603DB06A9321D137580B3657CA
        SHA-512:6EB438B1FA9BC62C1356D8F21B0706799D94024CF0C013FB435CAABA82E0C6BBE3570EDC91C71D36E906BE0A28E1DA854A47A377FA487AEFCD5662EEA85A1993
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):66040
        Entropy (8bit):6.09386860302201
        Encrypted:false
        SSDEEP:1536:rq7lWM8vrIROMgyIhfk5MFvdxzYeLV+zg:rq5WMurIWyIhfk5Mbx8eAE
        MD5:D69DDC47DDB2C4C8937E4EFCBB6E29D0
        SHA1:6DE3D02AA85B7915A6AD07C78340B57119C10B01
        SHA-256:5E93BB3957C3001DB4F0938848DEFCF247DDADB3E779F56E87F7838D62509B9C
        SHA-512:BB1E906A47B26794DBE3BD2BDBD2AC5371B8D1FA474EF62C135B5DD60AD094E2FE0299FFC382B024765E42A73ACBDCD467296FA698BED7BC2078B94596D8105C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):66056
        Entropy (8bit):5.9479098540926225
        Encrypted:false
        SSDEEP:768:PMupXPsZgoCiiDzRl1A5ukBM9d1b1mW0ENpJNGB0SjXusJt10y1KPvNvs5e9zv:P8Ciwzf1Nfd1JK8pJfULJUIKPvNvswzv
        MD5:352EE196CD65C98B729065AAF6F5C9E3
        SHA1:5DA4C568740C6C91E02EF0E9E1DAC38C52AE33C1
        SHA-256:6CEAA8B598E7985D5637AB1659566DFF9C1FDA37EDF0F044759B56444F739018
        SHA-512:DB12AEC8D7E230994E240C7B7FEDC5420D3415FF199CC6279B8AE684E81681E139D562D9DE39E4EAEE1879FBE7A83EEF5204E7E17AD475257853519292E107B4
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):89072
        Entropy (8bit):5.89145520325784
        Encrypted:false
        SSDEEP:1536:9GrTQONyjORvgkModM5MR7eVUMVB741AU6NSENLy+zF:9GrcrlCMY7etxUUNfZ
        MD5:7A9DD6DF8C84D2CD25919DF6D2868069
        SHA1:1750E30F04F4F621EC716542535E18A99B8F8CE8
        SHA-256:DDE925277C60B8C94434FF1B50E678AD69D79B64E80FBE006BEFF0F16E5E2165
        SHA-512:38177B7765698082F6F0224EE0780337298FA7AD46D910CF7833ED1440EE96AE8536C06CD1299E5DD90C49B6D0CF0C86B99525143418CB8669D1B20AC7EED686
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):1641472
        Entropy (8bit):5.823982060162975
        Encrypted:false
        SSDEEP:24576:oKN0IDCTdvYDL5PD7dNAs6wPBindjujSE1b5yKa:bN0+lPrBindjujSas
        MD5:B55A27FA0913854773F9C9F5A42C4456
        SHA1:694100D079A75C5D278A2A824DAFAE21DA370C5B
        SHA-256:C7674FA4E25B030DA4AC00A3D63E1466418204E485203779D6DBAB2CC753CBFA
        SHA-512:3E93B9EDFAB9E8C3DC40FDCD64931D913842EBEDE0446E285B4D09965FFE428B710017CB032D216409B72E30AD264114DCF508400EB96FF12D0888143379727E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):18824
        Entropy (8bit):6.5948034633122266
        Encrypted:false
        SSDEEP:384:XQIhqJDYLBV+1WHKszWdFoWJrHRN7bau56/R9zNB9:XNAJDCkUHKD3rZ5e9zZ
        MD5:DC6D5F059A711616234B383D8A3CD5F2
        SHA1:B53DF8E875BEDF924A32EEBEA2ABB2018F06E5E1
        SHA-256:D461864929E446EDBC6513421F4DB8C6465899D9067EA3C33E2131227799B525
        SHA-512:54CAFA9CE950C0B4A2CFE6F115717CF113B45F6EF21C701207E37151FB8B01E0D370C56D950AB2C0BDD0D813D65462ED19EAB4C9DE320F8434CFB0B30589DECA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Joe Sandbox View:
        • Filename: Busylight4MS_Teams_Setup.msi, Detection: malicious, Browse
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):47536
        Entropy (8bit):6.254065654848594
        Encrypted:false
        SSDEEP:768:E3DOuy2r9MhdS0+Mg/n+FbK/lCxkQZ2XJP8MbLVSav7C9zAH:ETOK9MhdStMYn4dtcXJPzbLVSaDez0
        MD5:355C1A112BC0F859B374A4B1C811C1E7
        SHA1:B9A58BB26F334D517AB777B6226FEF86A67EB4DD
        SHA-256:CC52E19735D6152702672FEB5911C8BA77F60FDC73DF5ED0D601B37415F3A7ED
        SHA-512:F1E858F97DABEB8E9648D1EB753D6FCD9E2BAB378259C02B3E031652E87C29FBABFC48D209983F7074DFC256AFD42FA1D8184805534037771A71DB517FE16C8B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):593848
        Entropy (8bit):6.134371614034388
        Encrypted:false
        SSDEEP:6144:RlQV1Q/YkMB7e9Cgf2Z1B8Qz6cAOtysqvYwwJHWueI9B2wH9bmqoophuHj8c2NSU:RlQV1Q/YkGgRQzYO0nQww8ueRhoOC
        MD5:08645C50CB281AF1371E8F0DED10AB67
        SHA1:AE06060913C4BE03AF0E1736650D64E8CDA7AD55
        SHA-256:7BFA4386A603B98AF49099D67F5C5D1E7A50B15107F9780E7F7F50F39234BED9
        SHA-512:BFB8A02DB556BD1E7808FCAED00BCB938758EEFD21F04BD47C6C5A04293B781189EC88A31210EFD6972BE364334FD5E25BA6A83C972C5EC4CF0B8726CB4A77F5
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):313776
        Entropy (8bit):6.130963150327199
        Encrypted:false
        SSDEEP:3072:QdDeOeVSC0QC46VlCXdcL7Va0mZhy3AYq/gU9Is2CBt/9f/R2KwfxEHw9BLwePKg:iaDVbpv6VMXLWQ7IDS5w9BE0kkpO9K
        MD5:8A9CBBE63D730D60EF5159BED516BC78
        SHA1:130C25908DD4201DB8E6A2F2319EAFC86114B7C3
        SHA-256:4E94690F548EF43A279A1F55807713EB970FA7A0FC9E64602779595778766064
        SHA-512:102ED30752A61712B024C5460E895E161BA22F4583F1148F6C0704EDAEBF703EEB7B65BD393FFD056DF837D5B57220B7B87BC635884B5AA1D6516AFB36370C46
        Malicious:true
        Yara Hits:
        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll, Author: Joe Security
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):1453488
        Entropy (8bit):5.922903824227221
        Encrypted:false
        SSDEEP:12288:cm88J7rr0Lsr75DUzJVrF7ttK78Al6JrXPtWs8SqJx4tnHqr+C2v6XTqxcgV8eY3:0mVDU9JxttK78M4d1tG+EIjdweyFJOxE
        MD5:DA8106A5723B5D66CD6B1713ECE8B91B
        SHA1:73BFD5942BDACC4C87B003C6C5555FEA4BA6251F
        SHA-256:7C481DC4E4C2ED5DF782A794F571808AEC82A71C4FDB1054939A42C4B9F368AA
        SHA-512:EEC20EB53E88E6A96ECAA8496256235176CE586563D8C29D1C3537B5E34213209BD225235AE253B60A7266AAAC56E655AF229BA6B89B87AD24F4CE4349F0CBB2
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):1019296
        Entropy (8bit):5.985596703357825
        Encrypted:false
        SSDEEP:12288:MmebRarx1J3m4YV5s4vsoeegJCXyjuj5NBZ2taqFc5bYt6:Mme1LO4NeIgCE1c5ks
        MD5:BBCC8244DB84AD2031AC010633ABF798
        SHA1:DE0CB65EE877663DA272B4162A55A64AB8669F74
        SHA-256:8FE17FF9DA7932DC01A39ED27559D5CDFA9B97BA14CBAA9F719087A241C8B82D
        SHA-512:D5682EA1AA9D50E9A491F8DC25C82907CDE24EAD2842EA392242E8CDEDF49F68F3035042442738E147B5AA29D6328CED68007732298F62466C78FD10B276B06F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):64424
        Entropy (8bit):6.338470606239345
        Encrypted:false
        SSDEEP:768:EmcpOXklyzcrDEGnyeY/i6M/UuHls6/yPm+Bk0BEwwjPoG3c4M9zmoABzEXDi9zo:klrrD2eY/TM/XDb0BVw0G3VM96BzS+zo
        MD5:2DC1DC66B267A3470ADD7FAB88B78069
        SHA1:DBE80047475B503791038ED7E47389C062C15C72
        SHA-256:B044863F98AF8D28F4F2F5E2DCCB945C57439E1575AFB37110E1EEC306A6C89C
        SHA-512:44EF73AAB50DCC13CCD94C0353C366818AFB27CE73772D722755B04ADD0C4F294C7814C84DA6069D9AA6136F2A48683C25062DCDDD1664E8D32FED1B38CECA21
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):711952
        Entropy (8bit):5.967185619483575
        Encrypted:false
        SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
        MD5:195FFB7167DB3219B217C4FD439EEDD6
        SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
        SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
        SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):142240
        Entropy (8bit):6.142019016866883
        Encrypted:false
        SSDEEP:3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
        MD5:F09441A1EE47FB3E6571A3A448E05BAF
        SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
        SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
        SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):18024
        Entropy (8bit):6.343772893394079
        Encrypted:false
        SSDEEP:384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
        MD5:C610E828B54001574D86DD2ED730E392
        SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
        SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
        SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):23984
        Entropy (8bit):6.411127741355591
        Encrypted:false
        SSDEEP:384:ibaUhiB+EStueQ+MaqwI+7cYtPZxW5nCslBmo8R9zyqyl4:ibA+tn7I+7dOxmoQ9zs4
        MD5:B71306B232B606B7B5E625F6DA67BEB7
        SHA1:CD997770324D58ABB9FEC0DFE1806482509415DD
        SHA-256:142A0541EDF1A59C0FA2BF34B6B2DB495E29C4F31FD03B2633A9B753A71D39F3
        SHA-512:2DE8B42C6EB05CFB0040724A8CD5E055A8A6B388D32A0C495C1B72ACCBBC72624541B73987C2DE0324AC3248BF656B0BAF593D1534A7801B400A332FD2E5A483
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):61984
        Entropy (8bit):6.5120710537238455
        Encrypted:false
        SSDEEP:1536:2YdpkOZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RihZEp4z7L:r5ijbD35qob1hZXD
        MD5:4AEEEC1D0FA2FA470B845DF4A5F20ADC
        SHA1:418806B0257D51D667B53A57ADDEF82FBA72BBE3
        SHA-256:C05F2C409FFA4CD3A0FA18BB2D736315E1971BDC84DD0160B8621463BCF264BC
        SHA-512:4322E87BC7C5AB76C44188286BE96281D6DD11FE8F4CC56414A7662FDAAC6127A92AB5FDD3410336EE982B0A1C844B8FD4383855AAF82C49854EF565B5C1C4F1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):62496
        Entropy (8bit):6.4629857101572314
        Encrypted:false
        SSDEEP:1536:U2cCZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RO9FC4dezF+:UhC5ijbD35qobF9TI
        MD5:670360AFB5CC2C43DA6CCCAE1E2DAD26
        SHA1:CFF390695D653B43BDBB946EDC9AF93342BD6027
        SHA-256:AE63C6654795492CF031DF3CFDBF7C3914BC7702D90F36083834E77E08554189
        SHA-512:98F8D86ED4D4EA6F2ED44933F00762B1EFDB514C527ED5B9D1BAC7038F37A8BFFEFFAF0F3C6E5A129E2AAEC7B90DD5BA0138DB5A5CD5E1F9C0A3CC6513B1A90C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):8838
        Entropy (8bit):4.490452571417504
        Encrypted:false
        SSDEEP:192:c5RL5JW2ppB82Bp12K/1xXKuFnXquoI8qguTnoiAOXbsECQxV3mb:qqUUs6maY6L
        MD5:782F4BEAE90D11351DB508F38271EB26
        SHA1:F1E92AEA9E2CD005C2FB6D4FACE0258D4F1D8B6C
        SHA-256:C828A2E5B4045CE36ECF5B49D33D6404C9D6F865DF9B3C9623787C2332DF07D9
        SHA-512:0A02BEECA5C4E64044692B665507378E6F8B38E519A17C3CECCCA1E87F85E1E2E7B3598E598FC84C962D3A5C723B28B52EE0351FAAEC82A846F0313F3C21E0E4
        Malicious:false
        Preview:{.. "StopIfFounds": [.. {.. "Entries": [.. {.. "Id": "Dev14.Enterprise.Version",.. "Hive": "hklm",.. "Key": "software\\Microsoft\\DevDiv\\vs\\Servicing\\14.0\\enterprise",.. "Value": "Version".. },.. {.. "Id": "Dev14.Professional.Version",.. "Hive": "hklm",.. "Key": "software\\Microsoft\\DevDiv\\vs\\Servicing\\14.0\\professional",.. "Value": "Version".. },.. {.. "Id": "Dev14.Community.Version",.. "Hive": "hklm",.. "Key": "software\\Microsoft\\DevDiv\\vs\\Servicing\\14.0\\community",.. "Value": "Version".. }.. ].. },.. {.. "Entries": [.. {.. "Id": "Dev12.Ultimate.Version",.. "Hive": "hklm",.. "Key": "software\\Microsoft\\DevDiv\\vs\\Servicing\\12.0\\ultimate",.. "Value": "Version".. },.. {.. "Id": "Dev12.Premium.Version",.. "Hive": "hklm",..
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):61984
        Entropy (8bit):6.450169077807969
        Encrypted:false
        SSDEEP:1536:HZqjyZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6Rs37MNzW:35ijbD35qobPrMNy
        MD5:7E6F1ACB7A7984E9C80100D49E0C7FFC
        SHA1:DBE266D022DF9A7D77C14D61F6963EFFC8A61155
        SHA-256:18404339B16DB1CD8708C6FE287AC935D19007DDD6C4560764B64D52D58086A7
        SHA-512:EB80725FC4E0B716C797B122E40F898015167C8EE6A69172A7B17478A9C3D39DF58CCF98D0CB5FBA51D48A746C5EB9CFB022DDF52E355020CB0FFE967C589888
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):62488
        Entropy (8bit):6.462362271891689
        Encrypted:false
        SSDEEP:1536:up3jC/lZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RsDqVaz3:upu/l5ijbD35qobJDqkL
        MD5:BF6E960B2F85220B70F5A59CF5D867E0
        SHA1:16F12ED2F15FAE2F1EA5BB12CA0C11B552C73EEC
        SHA-256:583EB0425DB2312057530D59C04F607D6CE7139A7722B05B5340F247FF42B45B
        SHA-512:F16D48C2D6647CF6701231416FD0C0C694148D5A026AE63F7BD40C1E508F0F55AF24ECE680EA1A3CDB5C81D583D8A038BE11DE7E2E9AC8A9D651B05BB0DFB9E7
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):62496
        Entropy (8bit):6.439263152585792
        Encrypted:false
        SSDEEP:1536:pmwtyAZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RgDVz:TtyA5ijbD35qobZDV
        MD5:94BF31A88E4F2DF564828A14875A9D21
        SHA1:E4E860C4D7AD5E49EC4DE620C0A03379261A8682
        SHA-256:9944773A29A5299E145B4EAB6CE19DF88FBF89874EF43903BE7F1AD4E5CDC0E8
        SHA-512:0BEDAA8B533F97808A8F6E476CC9BBE3A45ACAEE3489674A60D493A9E511B25F5D7E48949C5B5CBA071A5703C1D6CF7C35525CDE538BFA4E1A2BDE7BDE5ED350
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):64032
        Entropy (8bit):6.6359568646975085
        Encrypted:false
        SSDEEP:1536:7k2QK7ZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RbU83zgvy:n55ijbD35qobyU837
        MD5:1F0A3AC04532D924920BED41F299C08C
        SHA1:5A517972A76A902A3B699F699DD24F2B89EAABAD
        SHA-256:529715C668A12D0D0FA09C121DA7ED755C301B9A39A4101B730AA8BA08BF1734
        SHA-512:5D2307081A694959CD9FB2544C7D68876A84F155FB0D76D4ADF316035C5C35882DE35D0F650F74D3CF01BA73C26437E7E3B0EE1447D5A87AFFB72CBFF9EFA4C3
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):62496
        Entropy (8bit):6.6599845259067765
        Encrypted:false
        SSDEEP:1536:t1EM0XZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RxUqIzUv:LExX5ijbD35qobAUPov
        MD5:76D609EB739C2C85FD9BA5BEF8288EA7
        SHA1:2C9A2BD3AB6203336DA4CC229C07527EB892F5CA
        SHA-256:71518B1554AA235F67C87663549FEFF54C71FE77479311413D823368CFA54B09
        SHA-512:2DD09DB58D5DEE1967C88BC426DAF606B7E84831B820E7896974C3EBD298BACE81E386D1B25665254C7FFB0223342DF05AD426B01FBE7F33D467CD289CFB61A5
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):62496
        Entropy (8bit):6.469695016176603
        Encrypted:false
        SSDEEP:1536:ZzBlUZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RPQG1z7:K5ijbD35qobWr1X
        MD5:ADFFBBA8D0D0899C2D9EC04561248E4E
        SHA1:49A16F20B8868E6EAAB604B76B526F782C53F8A1
        SHA-256:1BA0C715715B2741D63673414272075BBD7A2ABA0A0CFF9458A8B02C859D2F40
        SHA-512:BA0614E017B97DE011B2FD5B449BB4590AB2089014313B2FD7A7D57E58A94980F0D8A3632A2705A1A0205B388A19BBA31EEF9585B269911FF9077F7F04C94AE9
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):61984
        Entropy (8bit):6.461887296663882
        Encrypted:false
        SSDEEP:1536:tbFGZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6R5QVzMg6:5o5ijbD35qobaQVw
        MD5:3801828DABD3EBFBB1DB5BCBE7E39734
        SHA1:AFD3C8F2DF47D4FDC52AA284E1D154136F924705
        SHA-256:76C18CD1FCCF595795A5D72B34489517799FD18360265DC5A49BB0D0ABFC3C14
        SHA-512:C9AD7F78F8B19EE46FB816478F906E1B24F6E8C7F2852B5BCB34354C2AD6999ED367F43A6836E4B945111AC8E0DC1B88446E08BD35644B33D028CB03D88D212E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):65056
        Entropy (8bit):6.591537733484011
        Encrypted:false
        SSDEEP:1536:ZF1mTZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RgwzC4dezF+:JmT5ijbD35qobbwVI
        MD5:F60A8CFC4A8995726EB1A8DECC9B4A9E
        SHA1:F20EFD2E4028B49C57BC31417B9642988F92C93C
        SHA-256:052FF6EDCEC6170D35DCDF5336E3D533CC1C86013E0797E01C6EDE1E270CE3F4
        SHA-512:F987A175F2454F290BEEFB50F0C3BF7844F5AF2A4660D6323850A52EB35E132E5F492AA5E9CEA219A59725584885ED930E8206D8390F4CC7140A50D55615B88C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
        Category:dropped
        Size (bytes):2356168
        Entropy (8bit):6.285202188724768
        Encrypted:false
        SSDEEP:49152:H3saNqjaN7QtLdtfwjgViGZOfG6mjtb+mmyeLnM/:H8laN7QtRtYkVdZOfG6mjtb+mmyeLnM/
        MD5:A2F41908D5DC93B30DAA584EA84D2092
        SHA1:858E185E27C19177D3BD8682CEA53BCDC27A598E
        SHA-256:88A6F127EEE41DA978181DF5DE12D65D2337D4427EF66B6BE1DF51BC29E93F8B
        SHA-512:EE5934249B2540B2EB8F9EA3F344F00D6E512A8F2F86DF4EA674DD9E35A91154CD77C62053882E187CF1A629C369AD3BE9667F59607676BDC780280DE5DFBEED
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
        Category:dropped
        Size (bytes):2273160
        Entropy (8bit):6.408019739214968
        Encrypted:false
        SSDEEP:49152:kzMU039r/pXcg++oqNVIrn4afKGYDdK7sW1Dijj:J3MgjI3KhDMwW5Yj
        MD5:6D226A7B33583555FE71310E610E7FC6
        SHA1:92BB8CE4CB4E215348C6E22FFC3BF57EC031883A
        SHA-256:613BE496AD434CEEF6ED29DBBA64F27A2612795078977A8B07B229EBBA9E9953
        SHA-512:5697F07F95C723DE50F65B23D5CE4853E716425ABCCAE187D00ED3AB1812FB0E04AF47B5ED241370773522FA3C463C351C9DFC58B10C7962BD2E8C83710A3D46
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1967032
        Entropy (8bit):6.604486212501452
        Encrypted:false
        SSDEEP:49152:G2gzwmjBjMcrkTfcHdUKnfj46fCoOGXqajQ8+FdDtOzAvu:GWmjFM7WUKndflOGXqaku
        MD5:94AB867EF06D046B6F65ADBCB0994638
        SHA1:30768967AD3B95AAEB8EC671F96E176A6D5DD1FA
        SHA-256:E9501BD3899C05167AB3D6CDE455E7C81BC4BD138314207F3CDFE910B21358AE
        SHA-512:81E20E97829BD2102E552BF78F1DA4A6986CECA475C6514C7DE9A40ADEAFDD7B15C15DD10AF293DF5B4C21E4B1C431C92591D19559C9C71BA5916D14D750C090
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):61984
        Entropy (8bit):6.487297270622637
        Encrypted:false
        SSDEEP:1536:LTI9ZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RBFipzb6:O5ijbD35qobKFipf6
        MD5:1EE13705137060818D20ADEDEC0A98C2
        SHA1:145E85ABADEC8300A4200793067E2E2A590D92F7
        SHA-256:72B49DB6263C8166F85808C377B60BAC3E25679EF580F0999DE7C94761830FD6
        SHA-512:DD9ED1D7B20EF12E17BE2CE6BAD96D4D25368F0340B58BE6C4474D935A538111CB9E5E2B55F6EF06B8916B11A4B234372740C4E066AD35AEE784500C6EE8E260
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):622
        Entropy (8bit):5.253905211970565
        Encrypted:false
        SSDEEP:12:XT8NTiBkOXeAImfZs4X1DPOk+DPOGu1DPOa0wDPOGJwDPOW3VvwDPO0DPOjXovjo:XTqOfIIZlX1T7+TRsTiwT3JwTNvwThTA
        MD5:0A19FC19FACE1DB2B5C04438B928D43D
        SHA1:BC4E0FB87707A452F1ADA09459022C91AF2D32BC
        SHA-256:10E104169E96EC1588483CA251264BEE2301483ED9715BC5690E2D043D0FCBF3
        SHA-512:655F6A2A4E6D23691096374EC08F06E5306C2187152A4CF1771CCF539D1DAD637FF1DF03DCD52B71DDE0B3C5687106AF294555033B2BE45158A5588C7976DA1C
        Malicious:false
        Preview:DownloadUrl=https://aka.ms/vs/17/release/installer..productSemanticVersion=17.10.0+34916.146..autoSelfUpdateMinVersion=3.10.2154.285870211..LicenseUrl=https://go.microsoft.com/fwlink/?LinkID=2180117..PrivacyUrl=https://go.microsoft.com/fwlink/?LinkID=661279..KB2919355Url=https://go.microsoft.com/fwlink/?LinkId=403643..Win8OSNotSupportedUrl=https://go.microsoft.com/fwlink/?linkid=843932..OSNotSupportedUrl=https://go.microsoft.com/fwlink/?linkid=840937..DotNetNotSupportedUrl=https://go.microsoft.com/fwlink/?linkid=840938..LayoutHelpUrl=https://go.microsoft.com/fwlink/?linkid=849620..MajorVersion=17.0..IsFixed=false..
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):413752
        Entropy (8bit):6.2799067674154605
        Encrypted:false
        SSDEEP:6144:2qJQawjXE3fAzf1sEjvpPgjeAWoZVheNdPafjf4n:29awI3fAzuEjvNFAWonhe7aT4n
        MD5:4108506D8CDC3A03BB7E4496025EE902
        SHA1:A02D206F205A1A45B5223A73BFE84E25B359D251
        SHA-256:F9BF0A30395E521D65FB1E39A6A76E19C061A8D3806653FC7F5B28B9FB327903
        SHA-512:B4A7AA0C65E3A3279D0845A02E896A85D5F5074A79EE3AB52A8AA422FAB759D4FAB177961C03F280CA7499E10678D29E951946283B26D2CA107D5BE76C76E8E8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):2873
        Entropy (8bit):5.093168041038822
        Encrypted:false
        SSDEEP:48:cErK7h+1/g4az7ogzz7O7Rgdz7Ryg4Q9z76g+Cz76agXz7h+ag+e/tDu:hr246pdWQh6CM4ad
        MD5:C301859AEF3BF4C0914914E5807F6A5B
        SHA1:908827CE12D093D2AA3D1E8BAA8CAF8BFE204FBD
        SHA-256:781EC48AE412BA18C2CEA1B67F5BC4A33245FD5F96DBB0E58B218C98EE03785D
        SHA-512:0B9EEB0288B01DDFDE11404B15378694145978BDD664B68BEFE5F776F65F950D35F54B7F29662A64FF91FEB4DC0E9BD537864E46A1F3F252E8113DDF95F32F0B
        Malicious:false
        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-0.17.0.7329" newVersion="0.17.0.7329" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>..
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):163
        Entropy (8bit):4.8414251562385555
        Encrypted:false
        SSDEEP:3:3H9ysxeXutqVROmFXMWApPVxtHqVBC6hFtJ49DRZ8WKTNoBmAy:3HEsxhsVnXMWqPJqVBzt28NTiBmAy
        MD5:BB004C2A7E87D3016E3BDCFD6D9F5251
        SHA1:3C984D00B521893B050B3A4DBB0FDDC283D27865
        SHA-256:ADCF02F322066AEA210E820D7D344F3A0FED05DF18EBD57C053C5C727F232307
        SHA-512:CF3E5786B46BA78D72E6C372C6BB6AB1B6E0B54FA8A88219E0B1B361556B7999BB2F2F99F98B10935C1F5FD481E6890D18BCA1F52C6F4947A2F8D2C5D3B7C72A
        Malicious:false
        Preview:{.. "productId": "Microsoft.VisualStudio.Product.Enterprise",. "channelId": "VisualStudio.17.Release",. "channelUri": "https://aka.ms/vs/17/release/channel".}..
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):60448
        Entropy (8bit):6.663639966346661
        Encrypted:false
        SSDEEP:1536:qX+ZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6RZyRuTIzN:T5ijbD35qob2dMZ
        MD5:9C42296E9618B81A0EA7C0AC05BEEA88
        SHA1:EA9F9065027A5196541994C07C4A6D948B9DF474
        SHA-256:F2F7E8F1F674CA254A2EC2AE75E2AECBEB9C510198212F74275FC5D0B00B9887
        SHA-512:038DE1E7E0207117E6107A5F4257A0355A11BAE6245537ECAABCA7DA32AC47761FA7487FF1887E8D16D54D99E0BCCB10DEF664930F9CE8154CDBF627DC36A66D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):60336
        Entropy (8bit):6.674080076870226
        Encrypted:false
        SSDEEP:1536:eWZBnbzG6lhu3wMrOEvXbugbyFrxiHDbD35qoH7XPN6ROyE1przO:p5ijbD35qob/j1i
        MD5:666036ED50EEC014C81DF2BBEDBF5FC7
        SHA1:882E2D8E2837281ECAEE21EE0C2815F6B3A5C455
        SHA-256:4BAC87DC99F1121B463334E0670CCDB243EB7FC6E9035DBEF5B01DB0B9A8299B
        SHA-512:1D9B9A3FDCAA1CCA570CB12EFA10CE95762200B2405779C0F6BC320CAB292E284A3BF8BD677631CCB16D5B121AA73DE37480A17C19D26AB462F7F9C7643113F5
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Process:C:\Users\user\Desktop\VisualStudioSetup.exe
        File Type:CSV text
        Category:dropped
        Size (bytes):758
        Entropy (8bit):5.513612422942566
        Encrypted:false
        SSDEEP:12:/Pt26pfYmaiR8BeBZKgrstjH0ZVIR/hsvqsY5v5IKQ4gyiR8j9c+Cy:ntDCiR6eB00stjHz/hsCPh5IK/iRIc+7
        MD5:E34606BE0A0F101D55AB4E67FBA2461A
        SHA1:09D8221556C13F9E8CE69B5F0CF6E22B08DDBF0C
        SHA-256:900B99DB4E622B1B7F46EAA333CF562965E62314D1CFB73F7E667A08FA5361A0
        SHA-512:14F26670114ED41710F20F8FED9856BCDBA172D78BCCE4E4D442651BE25DC1B6CAFC3BE186B3591810FA4F6712D5BC41B9B0C88D1887913ED2939155BD32BB0B
        Malicious:false
        Preview:[5/23/2024, 12:28:55] === Logging started: 2024/05/23 12:28:55 ===..[5/23/2024, 12:28:55] Executable: C:\Users\user\Desktop\VisualStudioSetup.exe v17.10.34916.146..[5/23/2024, 12:28:55] --- logging level: standard ---..[5/23/2024, 12:28:55] Directory 'C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\' has been selected for file extraction..[5/23/2024, 12:28:55] Extracting files to: C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\..[5/23/2024, 12:28:57] Extraction took 2.391 seconds..[5/23/2024, 12:28:57] Executing extracted package: 'vs_bootstrapper_d15\vs_setup_bootstrapper.exe ' with commandline ' --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop"'..
        Process:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        File Type:ASCII text, with very long lines (311), with CRLF line terminators
        Category:dropped
        Size (bytes):1941
        Entropy (8bit):5.426660086457601
        Encrypted:false
        SSDEEP:48:q56XPB4iKcEa2tj3LZnGu1iN/gJezPnJvVUG8DgtEUoOQXbnuA:q56XJ4MEH3LZnN1KQOBvKG8iRNQXbuA
        MD5:6377423ACBFF57BEAFE205DE044E6701
        SHA1:EC8FB0102E77C0BB086D8FA648B3BE88FFA6B367
        SHA-256:38E3B4488D8C1510DF3F47A539C62BCB4EDBF3DE02A97E608E4F0111E2CAA0BB
        SHA-512:6990EE51ED10F16367CCD38C7949B3333B3A8F2CA8F740FC8A6F0D49816B669A6FAADAF7C945BCBDA853B0D973AC3DFE093A06F0448FD1193527F729694E9881
        Malicious:false
        Preview:[0c58:0001][2024-05-23T12:29:13] Assembly version: 3.10.2154.60269...[0c58:0001][2024-05-23T12:29:28] Creating new ExperimentationService..[0c58:0001][2024-05-23T12:29:28] Telemetry property VS.ABExp.Flights : ..[0c58:0001][2024-05-23T12:29:28] Commandline arguments = --env,_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop..[0c58:0001][2024-05-23T12:29:28] C2R signature arguments = {sku, enterprise, channel, Release, cid, 2030:ce9bac4c1dec4db5845680afcd3c62e1}..[0c58:0001][2024-05-23T12:29:28] Parent process name = VisualStudioSetup..[0c58:0001][2024-05-23T12:29:28] Parent process product version = 17.10.34916.146..[0c58:0001][2024-05-23T12:29:28] CampaignId = 2030:ce9bac4c1dec4db5845680afcd3c62e1..[0c58:0001][2024-05-23T12:29:28] Warning: ResponseId not available in 'vs_setup_bootstrapper.config'. Trying to parse filename...[0c58:0001][2024-05-23T12:29:28] Warning: loading config settings: -update --update --layo
        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.946652493153066
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:VisualStudioSetup.exe
        File size:4'004'568 bytes
        MD5:e81c3dce4ebe9d90c39a0dc4a7782dcf
        SHA1:d55e946462aaecb5371db48a3d21bcba8dcaaeb1
        SHA256:84af88add861a83a58867c92ba1445016c98879400450b1e7f39a815b6ae43b2
        SHA512:63b52ab1384d8f40df8e76879252341c22a7dd5adddee602bf1ca80cedb9787116f1ae88bfdc44d9a6ec989dc6dc3f714d17f17a00528eacf232833adcb4c231
        SSDEEP:98304:3EbijYUhefyW9dfuejQFKH3JR8zdJwtrJM3:pyryIH3/8zUtrq3
        TLSH:AB06235278C8287EDD6F0631431FEAB61A7E69E07F94849F6B40361D8D3058290FABD7
        Icon Hash:39199c4e42c9d93c
        Entrypoint:0x41dfd0
        Entrypoint Section:.text
        Digitally signed:true
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Time Stamp:0x663BC37D [Wed May 8 18:25:01 2024 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:5
        OS Version Minor:1
        File Version Major:5
        File Version Minor:1
        Subsystem Version Major:5
        Subsystem Version Minor:1
        Import Hash:01b29b0304f316768e6c21448e7b24b7
        Signature Valid:true
        Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
        Signature Validation Error:The operation completed successfully
        Error Number:0
        Not Before, Not After
        • 16/11/2023 20:09:00 14/11/2024 20:09:00
        Subject Chain
        • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
        Version:3
        Thumbprint MD5:F78C3421DE06383F9096492D9CFC284E
        Thumbprint SHA-1:C2048FB509F1C37A8C3E9EC6648118458AA01780
        Thumbprint SHA-256:461DC5C7FC204A93838D9879BFC8276C07C39CD6151C493BCDA67AE0A1A7D0CA
        Serial:33000003AF30400E4CA34D05410000000003AF
        Instruction
        call 00007FB964898996h
        jmp 00007FB96489833Dh
        push ebp
        mov ebp, esp
        mov eax, dword ptr [ebp+08h]
        push esi
        mov ecx, dword ptr [eax+3Ch]
        add ecx, eax
        movzx eax, word ptr [ecx+14h]
        lea edx, dword ptr [ecx+18h]
        add edx, eax
        movzx eax, word ptr [ecx+06h]
        imul esi, eax, 28h
        add esi, edx
        cmp edx, esi
        je 00007FB9648984DBh
        mov ecx, dword ptr [ebp+0Ch]
        cmp ecx, dword ptr [edx+0Ch]
        jc 00007FB9648984CCh
        mov eax, dword ptr [edx+08h]
        add eax, dword ptr [edx+0Ch]
        cmp ecx, eax
        jc 00007FB9648984CEh
        add edx, 28h
        cmp edx, esi
        jne 00007FB9648984ACh
        xor eax, eax
        pop esi
        pop ebp
        ret
        mov eax, edx
        jmp 00007FB9648984BBh
        push esi
        call 00007FB964898C63h
        test eax, eax
        je 00007FB9648984E2h
        mov eax, dword ptr fs:[00000018h]
        mov esi, 0043A088h
        mov edx, dword ptr [eax+04h]
        jmp 00007FB9648984C6h
        cmp edx, eax
        je 00007FB9648984D2h
        xor eax, eax
        mov ecx, edx
        lock cmpxchg dword ptr [esi], ecx
        test eax, eax
        jne 00007FB9648984B2h
        xor al, al
        pop esi
        ret
        mov al, 01h
        pop esi
        ret
        push ebp
        mov ebp, esp
        cmp dword ptr [ebp+08h], 00000000h
        jne 00007FB9648984C9h
        mov byte ptr [0043A08Ch], 00000001h
        call 00007FB964898A8Bh
        call 00007FB964899492h
        test al, al
        jne 00007FB9648984C6h
        xor al, al
        pop ebp
        ret
        call 00007FB9648A1AFCh
        test al, al
        jne 00007FB9648984CCh
        push 00000000h
        call 00007FB9648994A3h
        pop ecx
        jmp 00007FB9648984ABh
        mov al, 01h
        pop ebp
        ret
        push ebp
        mov ebp, esp
        sub esp, 0Ch
        cmp byte ptr [0043A08Dh], 00000000h
        je 00007FB9648984C6h
        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x38670 | 0x54 | .text
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b2cc | 0x104 | .idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3e000 | 0x2bf90 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3cebe0 | 0x2ef8 |
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x2638 | .reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x88f0 | 0x54 | .text
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0x89e8 | 0x18 | .text
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x8948 | 0x40 | .text
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0x3b000 | 0x2c8 | .idata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        .text | 0x1000 | 0x376c4 | 0x37800 | 17d6f039c1f2af31660c9d80a5eb1df3 | False | 0.5361680039414415 | Matlab v4 mat-file (little endian) , numeric, rows 4316736, columns 4231536 | 6.559321973280363 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        .data | 0x39000 | 0x1e60 | 0xe00 | bfb7cca8aee3e2b6ed0d6f694c795381 | False | 0.21149553571428573 | data | 2.504114864571103 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .idata | 0x3b000 | 0x12fa | 0x1400 | f1f56c6375770b1f7b04fa676d23a724 | False | 0.4119140625 | data | 5.36962037082174 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .boxld01 | 0x3d000 | 0xb8 | 0x200 | 0ac118c0e766b730436998a99c3eedf8 | False | 0.26171875 | data | 1.6860913290501263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .rsrc | 0x3e000 | 0x2bf90 | 0x2c000 | e47873708c40304f80dbc0da47fc6ec5 | False | 0.3302390358664773 | data | 5.645194891441832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc | 0x6a000 | 0x2638 | 0x2800 | 495ac303d566dd687af1e65bb259f29e | False | 0.7462890625 | data | 6.548207130068343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
        RT_ICON | 0x3e460 | 0x74cb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9987290544834275
        RT_ICON | 0x4592c | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 0 | English | United States | 0.1602112676056338
        RT_ICON | 0x4edd4 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 0 | English | United States | 0.1848872180451128
        RT_ICON | 0x555bc | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 0 | English | United States | 0.1996765249537893
        RT_ICON | 0x5aa44 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.2081955597543694
        RT_ICON | 0x5ec6c | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 0 | English | United States | 0.21648793565683647
        RT_ICON | 0x626b4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.2550829875518672
        RT_ICON | 0x64c5c | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States | 0.29659763313609466
        RT_ICON | 0x666c4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3405253283302064
        RT_ICON | 0x6776c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.4385245901639344
        RT_ICON | 0x680f4 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States | 0.5337209302325582
        RT_ICON | 0x687ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.625886524822695
        RT_DIALOG | 0x68c14 | 0x11c | data | English | United States | 0.6338028169014085
        RT_DIALOG | 0x68d30 | 0x170 | data | English | United States | 0.5135869565217391
        RT_STRING | 0x68ea0 | 0x582 | data | English | United States | 0.33687943262411346
        RT_STRING | 0x69424 | 0x228 | data | English | United States | 0.46195652173913043
        RT_STRING | 0x6964c | 0x4e | data | English | United States | 0.6794871794871795
        RT_GROUP_ICON | 0x6969c | 0xae | data | English | United States | 0.7298850574712644
        RT_VERSION | 0x6974c | 0x384 | data | English | United States | 0.43555555555555553
        RT_MANIFEST | 0x69ad0 | 0x4c0 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1156), with CRLF line terminators | English | United States | 0.47368421052631576
        DLL | Import
        ole32.dll | CoInitializeEx
        COMCTL32.dll |
        RPCRT4.dll | UuidCreate, UuidToStringW, RpcStringFreeW
        SHELL32.dll | SHGetPathFromIDListW, CommandLineToArgvW, ShellExecuteExW, SHBrowseForFolderW
        SHLWAPI.dll | PathRemoveExtensionW
        USER32.dll | GetWindowLongW, SetWindowLongW, PostQuitMessage, EndDialog, SetWindowTextW, DialogBoxParamW, SendMessageW, GetWindow, GetWindowThreadProcessId, GetTopWindow, MessageBoxW, GetDlgItem, LoadStringW, PostMessageW
        ADVAPI32.dll | RegCloseKey, CryptGenRandom, CryptReleaseContext, DecryptFileW, RegOpenKeyExW, RegQueryValueExW, CryptAcquireContextW
        KERNEL32.dll | FileTimeToDosDateTime, FileTimeToLocalFileTime, MoveFileExW, GlobalFree, GlobalAlloc, SetCurrentDirectoryW, GetCurrentDirectoryW, RemoveDirectoryW, GetFileAttributesW, DeleteFileW, FileTimeToSystemTime, GetSystemInfo, CreateEventA, GetModuleHandleW, GetEnvironmentVariableW, GetTickCount, SetEnvironmentVariableW, GetLastError, ExpandEnvironmentStringsW, Sleep, GetProcessId, WaitForSingleObject, GetExitCodeProcess, CloseHandle, SetFileAttributesW, InitializeCriticalSection, CreateEventW, CreateThread, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetEvent, GetCommandLineW, lstrlenW, CompareStringW, LocalFree, CreateDirectoryW, GetTempPathW, LoadLibraryW, GetProcAddress, GetSystemDirectoryW, SetDefaultDllDirectories, FreeLibrary, WaitForMultipleObjects, ExitThread, SetLastError, SystemTimeToTzSpecificLocalTime, GetSystemTime, GetTimeZoneInformation, FormatMessageW, lstrlenA, GetComputerNameW, GetLocalTime, GetVersionExW, CreateFileA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetFilePointer, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, FreeLibraryAndExitThread, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapFree, HeapAlloc, GetFileType, LCMapStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapSize, HeapReAlloc, ReadFile, DecodePointer, CreateFileW, WriteConsoleW, DuplicateHandle, FindFirstFileW, SetEndOfFile
        Cabinet.dll |
        OLEAUT32.dll | VariantClear, SysAllocString
        VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
        bcrypt.dll | BCryptCreateHash, BCryptHashData, BCryptFinishHash, BCryptDestroyHash, BCryptCloseAlgorithmProvider, BCryptOpenAlgorithmProvider
        Name | Ordinal | Address
        ?dwPlaceholder@@3PAEA | 1 | 0x43d000
        Language of compilation system | Country where language is spoken | Map
        English | United States |
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        May 23, 2024 18:29:01.435861111 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a97 | No error (0) | tn-api-prod-southcentralus.azurewebsites.net | waws-prod-sn1-111.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:29:01.435861111 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a97 | No error (0) | waws-prod-sn1-111.sip.azurewebsites.windows.net | waws-prod-sn1-111.southcentralus.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:01.615988016 CEST | 1.1.1.1 | 192.168.2.5 | 0x784b | No error (0) | tn-api-prod-southcentralus.azurewebsites.net | waws-prod-sn1-111.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:01.615988016 CEST | 1.1.1.1 | 192.168.2.5 | 0x784b | No error (0) | waws-prod-sn1-111.sip.azurewebsites.windows.net | waws-prod-sn1-111.southcentralus.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:11.894880056 CEST | 1.1.1.1 | 192.168.2.5 | 0x2d0a | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:11.894880056 CEST | 1.1.1.1 | 192.168.2.5 | 0x2d0a | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:24.992328882 CEST | 1.1.1.1 | 192.168.2.5 | 0x5523 | No error (0) | tn-api-prod-southcentralus.azurewebsites.net | waws-prod-sn1-111.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:24.992328882 CEST | 1.1.1.1 | 192.168.2.5 | 0x5523 | No error (0) | waws-prod-sn1-111.sip.azurewebsites.windows.net | waws-prod-sn1-111.southcentralus.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:39.126976967 CEST | 1.1.1.1 | 192.168.2.5 | 0x3c18 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:39.126976967 CEST | 1.1.1.1 | 192.168.2.5 | 0x3c18 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:51.028788090 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ce6 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:30:51.028788090 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ce6 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:31:32.108129025 CEST | 1.1.1.1 | 192.168.2.5 | 0xabe4 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:31:32.108129025 CEST | 1.1.1.1 | 192.168.2.5 | 0xabe4 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:31:44.864377022 CEST | 1.1.1.1 | 192.168.2.5 | 0xc0cc | No error (0) | tn-api-prod-southcentralus.azurewebsites.net | waws-prod-sn1-111.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:31:44.864377022 CEST | 1.1.1.1 | 192.168.2.5 | 0xc0cc | No error (0) | waws-prod-sn1-111.sip.azurewebsites.windows.net | waws-prod-sn1-111.southcentralus.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:09.899849892 CEST | 1.1.1.1 | 192.168.2.5 | 0x5569 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:09.899849892 CEST | 1.1.1.1 | 192.168.2.5 | 0x5569 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:38.121246099 CEST | 1.1.1.1 | 192.168.2.5 | 0x7965 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:38.121246099 CEST | 1.1.1.1 | 192.168.2.5 | 0x7965 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:46.884315014 CEST | 1.1.1.1 | 192.168.2.5 | 0x7cbc | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:32:46.884315014 CEST | 1.1.1.1 | 192.168.2.5 | 0x7cbc | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:33:00.773430109 CEST | 1.1.1.1 | 192.168.2.5 | 0x3339 | No error (0) | tn-api-prod-westus2.azurewebsites.net | waws-prod-mwh-053.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false
        May 23, 2024 18:33:00.773430109 CEST | 1.1.1.1 | 192.168.2.5 | 0x3339 | No error (0) | waws-prod-mwh-053.sip.azurewebsites.windows.net | waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false

        Target ID:0
        Start time:12:28:55
        Start date:23/05/2024
        Path:C:\Users\user\Desktop\VisualStudioSetup.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\VisualStudioSetup.exe"
        Imagebase:0x900000
        File size:4'004'568 bytes
        MD5 hash:E81C3DCE4EBE9D90C39A0DC4A7782DCF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:12:28:57
        Start date:23/05/2024
        Path:C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop"
        Imagebase:0x5f0000
        File size:413'752 bytes
        MD5 hash:4108506D8CDC3A03BB7E4496025EE902
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Antivirus matches:
        • Detection: 0%, ReversingLabs
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:12:28:58
        Start date:23/05/2024
        Path:C:\Windows\SysWOW64\getmac.exe
        Wow64 process (32bit):true
        Commandline:"getmac"
        Imagebase:0xde0000
        File size:65'024 bytes
        MD5 hash:31874C37626D02373768F72A64E76214
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        Target ID:4
        Start time:12:28:58
        Start date:23/05/2024
        Path:C:\Windows\System32\conhost.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Imagebase:0x7ff6d64d0000
        File size:862'208 bytes
        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:5
        Start time:12:28:59
        Start date:23/05/2024
        Path:C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
        Imagebase:0x7e0000
        File size:418'304 bytes
        MD5 hash:64ACA4F48771A5BA50CD50F2410632AD
        Has elevated privileges:true
        Has administrator privileges:false
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

          Execution Graph

          Execution Coverage:14.1%
          Dynamic/Decrypted Code Coverage:0%
          Signature Coverage:9%
          Total number of Nodes:2000
          Total number of Limit Nodes:54
19611->19616 19614 9294e6 19613->19614 19617 9294ee 19614->19617 19618 9294ff 19614->19618 19615->19589 19619 92780b __FrameHandler3::FrameUnwindToState 41 API calls 19616->19619 19620 929cd1 pre_c_initialization 6 API calls 19617->19620 19621 929cd1 pre_c_initialization 6 API calls 19618->19621 19622 929553 19619->19622 19629 9294fc 19620->19629 19623 92950b 19621->19623 19624 929526 19623->19624 19625 92950f 19623->19625 19628 9292b9 pre_c_initialization 14 API calls 19624->19628 19626 929cd1 pre_c_initialization 6 API calls 19625->19626 19626->19629 19627 927c56 __freea 14 API calls 19627->19611 19630 929531 19628->19630 19629->19627 19631 927c56 __freea 14 API calls 19630->19631 19631->19611 19633 92c690 19632->19633 19635 92c661 19632->19635 19634 92b7d1 __FrameHandler3::FrameUnwindToState LeaveCriticalSection 19633->19634 19634->19635 19635->19576 19635->19587 19635->19591 19636->19581 19638 926f0a 19637->19638 19647 926f1b 19637->19647 19640 91e3b3 __FrameHandler3::FrameUnwindToState GetModuleHandleW 19638->19640 19639 926da5 __FrameHandler3::FrameUnwindToState 14 API calls 19641 926f53 19639->19641 19643 926f0f 19640->19643 19642 926f59 19641->19642 19644 926f74 __FrameHandler3::FrameUnwindToState 13 API calls 19641->19644 19645 926fc9 __FrameHandler3::FrameUnwindToState GetModuleHandleExW GetProcAddress FreeLibrary 19643->19645 19643->19647 19646 926f6e 19644->19646 19645->19647 19647->19639 19649 92c154 __FrameHandler3::FrameUnwindToState 19648->19649 19650 929499 pre_c_initialization 43 API calls 19649->19650 19651 92c15d 19650->19651 19658 92c1a3 19651->19658 19661 92b781 EnterCriticalSection 19651->19661 19653 92c17b 19662 92c1c9 19653->19662 19658->19547 19659 92780b __FrameHandler3::FrameUnwindToState 43 API calls 19660 92c1c8 19659->19660 19661->19653 19663 92c1d7 pre_c_initialization 19662->19663 19665 92c18c 19662->19665 19663->19665 19669 92befc 19663->19669 19666 92c1a8 19665->19666 19697 92b7d1 LeaveCriticalSection 19666->19697 19668 92c19f 
19668->19658 19668->19659 19670 92bf7c 19669->19670 19674 92bf12 19669->19674 19671 92bfca 19670->19671 19673 927c56 __freea 14 API calls 19670->19673 19672 92c06d pre_c_initialization 14 API calls 19671->19672 19680 92bfd8 19672->19680 19675 92bf9e 19673->19675 19674->19670 19676 92bf45 19674->19676 19682 927c56 __freea 14 API calls 19674->19682 19677 927c56 __freea 14 API calls 19675->19677 19678 92bf67 19676->19678 19684 927c56 __freea 14 API calls 19676->19684 19679 92bfb1 19677->19679 19681 927c56 __freea 14 API calls 19678->19681 19683 927c56 __freea 14 API calls 19679->19683 19686 92c038 19680->19686 19695 927c56 14 API calls __freea 19680->19695 19685 92bf71 19681->19685 19687 92bf3a 19682->19687 19689 92bfbf 19683->19689 19690 92bf5c 19684->19690 19691 927c56 __freea 14 API calls 19685->19691 19692 927c56 __freea 14 API calls 19686->19692 19688 92bb06 ___free_lconv_mon 14 API calls 19687->19688 19688->19676 19693 927c56 __freea 14 API calls 19689->19693 19694 92bc04 pre_c_initialization 14 API calls 19690->19694 19691->19670 19696 92c03e 19692->19696 19693->19671 19694->19678 19695->19680 19696->19665 19697->19668 19699 929499 pre_c_initialization 43 API calls 19698->19699 19700 92b20d 19699->19700 19703 92b113 19700->19703 19704 92b11f __FrameHandler3::FrameUnwindToState 19703->19704 19705 92b139 19704->19705 19714 92b781 EnterCriticalSection 19704->19714 19707 92b140 19705->19707 19710 92780b __FrameHandler3::FrameUnwindToState 43 API calls 19705->19710 19707->19550 19708 92b175 19715 92b192 19708->19715 19711 92b1b2 19710->19711 19712 92b149 19712->19708 19713 927c56 __freea 14 API calls 19712->19713 19713->19708 19714->19712 19716 92b7d1 __FrameHandler3::FrameUnwindToState LeaveCriticalSection 19715->19716 19717 92b199 19716->19717 19717->19705 19728 92600b 19718->19728 19720 921ee0 19721 921ef5 19720->19721 19724 921f28 19720->19724 19727 921f10 __vswprintf_c_l 19720->19727 19722 927ac0 __vswprintf_c_l 29 API calls 19721->19722 19722->19727 19723 
921fbf 19725 925f4d __vswprintf_c_l 43 API calls 19723->19725 19724->19723 19735 925f4d 19724->19735 19725->19727 19727->19471 19729 926023 19728->19729 19730 926010 19728->19730 19729->19720 19731 927c1e __dosmaperr 14 API calls 19730->19731 19732 926015 19731->19732 19733 927b3d __get_errno 43 API calls 19732->19733 19734 926020 19733->19734 19734->19720 19736 925f72 19735->19736 19737 925f5e 19735->19737 19736->19723 19737->19736 19738 927c1e __dosmaperr 14 API calls 19737->19738 19739 925f67 19738->19739 19740 927b3d __get_errno 43 API calls 19739->19740 19740->19736 19742 922cdc __vswprintf_c_l 19741->19742 19743 922d25 19742->19743 19744 922cfe 19742->19744 19746 922d1b __vswprintf_c_l 19743->19746 19790 921d1b 19743->19790 19745 927ac0 __vswprintf_c_l 29 API calls 19744->19745 19745->19746 19746->19504 19749 925c09 __vswprintf_c_l 19748->19749 19750 925c40 19749->19750 19751 928bb6 __vswprintf_c_l 45 API calls 19749->19751 19750->19504 19751->19750 19753 925dba 19752->19753 19811 9226ca 19753->19811 19755 925dca 19755->19504 19758 925d3f __vswprintf_c_l 19756->19758 19757 927ac0 __vswprintf_c_l 29 API calls 19759 925d60 19757->19759 19758->19757 19758->19759 19759->19504 19761 9229dd __vswprintf_c_l 19760->19761 19762 9229ff 19761->19762 19764 922a26 19761->19764 19763 927ac0 __vswprintf_c_l 29 API calls 19762->19763 19766 922a1c __vswprintf_c_l 19763->19766 19765 921d1b __vswprintf_c_l 15 API calls 19764->19765 19764->19766 19765->19766 19766->19504 19768 9258de 19767->19768 19769 921d1b __vswprintf_c_l 15 API calls 19768->19769 19770 92591f __vswprintf_c_l 19769->19770 19818 928a35 19770->19818 19773 925fb0 __vswprintf_c_l 43 API calls 19774 9259cd __vswprintf_c_l 19773->19774 19775 925fb0 __vswprintf_c_l 43 API calls 19774->19775 19776 925a00 __vswprintf_c_l 19774->19776 19775->19776 19776->19504 19776->19776 19778 922cc8 __vswprintf_c_l 30 API calls 19777->19778 19779 925dfd 19778->19779 19779->19504 19781 928bcb 19780->19781 19782 925fb0 __vswprintf_c_l 
43 API calls 19781->19782 19783 928c0c 19781->19783 19787 928bf8 ___scrt_fastfail 19781->19787 19789 928bcf __vswprintf_c_l ___scrt_fastfail 19781->19789 19782->19783 19783->19787 19783->19789 19960 92b5a5 19783->19960 19784 927ac0 __vswprintf_c_l 29 API calls 19784->19789 19786 928cc7 19788 928cdd GetLastError 19786->19788 19786->19789 19787->19784 19787->19789 19788->19787 19788->19789 19789->19504 19791 921d42 19790->19791 19800 921d30 19790->19800 19791->19800 19801 927c90 19791->19801 19794 921d79 19808 9237c6 19794->19808 19795 921d6e 19796 927c56 __freea 14 API calls 19795->19796 19796->19800 19799 927c56 __freea 14 API calls 19799->19800 19800->19746 19802 927cce 19801->19802 19807 927c9e pre_c_initialization 19801->19807 19803 927c1e __dosmaperr 14 API calls 19802->19803 19805 921d66 19803->19805 19804 927cb9 RtlAllocateHeap 19804->19805 19804->19807 19805->19794 19805->19795 19806 92c362 pre_c_initialization 2 API calls 19806->19807 19807->19802 19807->19804 19807->19806 19809 927c56 __freea 14 API calls 19808->19809 19810 921d84 19809->19810 19810->19799 19812 9226de __vswprintf_c_l 19811->19812 19813 922700 19812->19813 19816 922727 19812->19816 19814 927ac0 __vswprintf_c_l 29 API calls 19813->19814 19815 92271d __vswprintf_c_l 19814->19815 19815->19755 19816->19815 19817 921d1b __vswprintf_c_l 15 API calls 19816->19817 19817->19815 19819 928a6a 19818->19819 19821 928a46 19818->19821 19819->19821 19822 928a9d __vswprintf_c_l 19819->19822 19820 927ac0 __vswprintf_c_l 29 API calls 19832 9259a9 19820->19832 19821->19820 19823 928ad6 19822->19823 19824 928b05 19822->19824 19837 9288d9 19823->19837 19825 928b2e 19824->19825 19826 928b33 19824->19826 19829 928b95 19825->19829 19830 928b5b 19825->19830 19845 928171 19826->19845 19872 92849d 19829->19872 19833 928b60 19830->19833 19834 928b7b 19830->19834 19832->19773 19832->19774 19855 92880a 19833->19855 19865 928686 19834->19865 19838 9288ef 19837->19838 19839 9288fa 19837->19839 19838->19832 19879 9277b1 
19839->19879 19842 92895f 19842->19832 19843 927b4d __vswprintf_c_l 11 API calls 19844 92896d 19843->19844 19846 928184 19845->19846 19847 928193 19846->19847 19848 9281b5 19846->19848 19850 927ac0 __vswprintf_c_l 29 API calls 19847->19850 19849 9281cf 19848->19849 19852 928224 19848->19852 19851 92849d __vswprintf_c_l 45 API calls 19849->19851 19854 9281ab __alldvrm __vswprintf_c_l ___scrt_fastfail _strrchr 19850->19854 19851->19854 19853 925fb0 __vswprintf_c_l 43 API calls 19852->19853 19852->19854 19853->19854 19854->19832 19888 92d218 19855->19888 19859 928878 19860 92887f 19859->19860 19861 9288b8 19859->19861 19863 928891 19859->19863 19860->19832 19948 928541 19861->19948 19944 92871c 19863->19944 19866 92d218 __vswprintf_c_l 45 API calls 19865->19866 19867 9286b5 19866->19867 19868 92cc93 __vswprintf_c_l 29 API calls 19867->19868 19869 9286f6 19868->19869 19870 9286fd 19869->19870 19871 92871c __vswprintf_c_l 43 API calls 19869->19871 19870->19832 19871->19870 19873 92d218 __vswprintf_c_l 45 API calls 19872->19873 19874 9284c7 19873->19874 19875 92cc93 __vswprintf_c_l 29 API calls 19874->19875 19876 928515 19875->19876 19877 92851c 19876->19877 19878 928541 __vswprintf_c_l 43 API calls 19876->19878 19877->19832 19878->19877 19880 9277bf 19879->19880 19882 9277cd 19879->19882 19880->19882 19886 9277e5 19880->19886 19881 927c1e __dosmaperr 14 API calls 19883 9277d5 19881->19883 19882->19881 19884 927b3d __get_errno 43 API calls 19883->19884 19885 9277df 19884->19885 19885->19842 19885->19843 19886->19885 19887 927c1e __dosmaperr 14 API calls 19886->19887 19887->19883 19889 92d24c __vswprintf_c_l 19888->19889 19890 92772c pre_c_initialization 43 API calls 19889->19890 19892 92d2b5 __vswprintf_c_l 19890->19892 19891 92d2e1 19894 9277b1 ___std_exception_copy 43 API calls 19891->19894 19892->19891 19893 92d371 19892->19893 19895 92d34e 19892->19895 19896 92d30e 19892->19896 19900 930770 __vswprintf_c_l 21 API calls 19893->19900 19897 92d33e 19894->19897 19898 
9277b1 ___std_exception_copy 43 API calls 19895->19898 19896->19891 19896->19893 19899 92e744 19897->19899 19904 92d349 __vswprintf_c_l 19897->19904 19898->19897 19901 927b4d __vswprintf_c_l 11 API calls 19899->19901 19902 92d3f7 19900->19902 19903 92e750 19901->19903 19905 930880 __floor_pentium4 21 API calls 19902->19905 19906 91d981 CatchGuardHandler 5 API calls 19904->19906 19908 92d401 __vswprintf_c_l 19905->19908 19907 92883a 19906->19907 19938 92cc93 19907->19938 19909 92d660 __vswprintf_c_l 19908->19909 19913 92d4a0 __vswprintf_c_l 19908->19913 19918 92d6fd 19908->19918 19912 92b423 __vswprintf_c_l 43 API calls 19909->19912 19909->19918 19910 92d915 19911 92b423 __vswprintf_c_l 43 API calls 19910->19911 19920 92d889 ___scrt_fastfail 19910->19920 19911->19920 19912->19918 19917 92b423 __vswprintf_c_l 43 API calls 19913->19917 19921 92d53d 19913->19921 19914 92d842 19915 92b423 __vswprintf_c_l 43 API calls 19914->19915 19914->19920 19915->19920 19916 92b423 __vswprintf_c_l 43 API calls 19919 92d658 19916->19919 19917->19921 19918->19910 19918->19914 19931 92df3b __vswprintf_c_l ___scrt_fastfail 19919->19931 19935 92da43 __vswprintf_c_l ___scrt_fastfail 19919->19935 19920->19916 19922 92b423 __vswprintf_c_l 43 API calls 19921->19922 19922->19919 19923 92e47c 19924 92cd90 __vswprintf_c_l 43 API calls 19923->19924 19929 92e4c4 19924->19929 19925 92de4a 19926 92df29 19925->19926 19927 92b423 __vswprintf_c_l 43 API calls 19925->19927 19926->19923 19928 92b423 __vswprintf_c_l 43 API calls 19926->19928 19927->19926 19928->19923 19930 92e53f 19929->19930 19932 92b423 __vswprintf_c_l 43 API calls 19929->19932 19930->19904 19936 92cd90 __vswprintf_c_l 43 API calls 19930->19936 19937 92b423 __vswprintf_c_l 43 API calls 19930->19937 19931->19925 19933 92b423 43 API calls __vswprintf_c_l 19931->19933 19932->19930 19933->19931 19934 92b423 43 API calls __vswprintf_c_l 19934->19935 19935->19925 19935->19934 19936->19930 19937->19930 19939 92cca4 19938->19939 19941 92ccc6 
19938->19941 19940 927ac0 __vswprintf_c_l 29 API calls 19939->19940 19943 92ccbc __vswprintf_c_l BuildCatchObjectHelperInternal 19940->19943 19942 927ac0 __vswprintf_c_l 29 API calls 19941->19942 19941->19943 19942->19943 19943->19859 19945 928739 __vswprintf_c_l 19944->19945 19946 925fb0 __vswprintf_c_l 43 API calls 19945->19946 19947 9287bd __vswprintf_c_l ___scrt_fastfail 19945->19947 19946->19947 19947->19860 19949 928553 19948->19949 19950 92855d 19949->19950 19953 92857e __vswprintf_c_l 19949->19953 19951 927ac0 __vswprintf_c_l 29 API calls 19950->19951 19959 928575 BuildCatchObjectHelperInternal 19951->19959 19952 9285d3 19954 9277b1 ___std_exception_copy 43 API calls 19952->19954 19953->19952 19955 925fb0 __vswprintf_c_l 43 API calls 19953->19955 19956 92860b 19954->19956 19955->19952 19957 927b4d __vswprintf_c_l 11 API calls 19956->19957 19956->19959 19959->19860 19962 92b5bc WideCharToMultiByte 19960->19962 19962->19786 19963->19315 19986 90df93 19964->19986 19967 90dc2b 19969 90dc37 19967->19969 19968 90dc5b 19971 90de8e 19968->19971 19969->19968 19970 90de8e 63 API calls 19969->19970 19970->19968 19972 90e449 58 API calls 19971->19972 19973 90deb5 19972->19973 19974 90debe lstrlenA 19973->19974 19978 90df2a 19973->19978 19975 90def3 19974->19975 19976 90decc WriteFile 19974->19976 19975->19978 19981 90def9 WriteFile 19975->19981 19979 90df48 GetLastError 19976->19979 19980 90dee9 19976->19980 19977 90df35 19983 91d981 CatchGuardHandler 5 API calls 19977->19983 19978->19977 19982 90e635 3 API calls 19978->19982 19979->19978 19980->19975 19980->19976 19981->19978 19984 90df16 GetLastError 19981->19984 19982->19977 19985 90dcc9 19983->19985 19984->19978 19985->19250 19987 90dfaa __vswprintf_c_l 19986->19987 19990 926343 19987->19990 19991 926357 __vswprintf_c_l 19990->19991 19996 921bb1 19991->19996 19994 923770 __vswprintf_c_l 43 API calls 19995 90dcac 19994->19995 19995->19967 19997 921be0 19996->19997 19998 921bbd 19996->19998 20003 921c07 19997->20003 
20004 9215c3 19997->20004 19999 927ac0 __vswprintf_c_l 29 API calls 19998->19999 20002 921bd8 19999->20002 20000 927ac0 __vswprintf_c_l 29 API calls 20000->20002 20002->19994 20003->20000 20003->20002 20005 921612 20004->20005 20006 9215ef 20004->20006 20005->20006 20010 92161a __vswprintf_c_l 20005->20010 20007 927ac0 __vswprintf_c_l 29 API calls 20006->20007 20008 921607 20007->20008 20009 91d981 CatchGuardHandler 5 API calls 20008->20009 20011 921735 20009->20011 20015 923bce 20010->20015 20011->20003 20014 9237ac __vswprintf_c_l 14 API calls 20014->20008 20016 926026 __vswprintf_c_l 29 API calls 20015->20016 20017 923be7 __vswprintf_c_l 20016->20017 20018 923bf5 20017->20018 20019 92169b 20017->20019 20021 92482e __vswprintf_c_l 48 API calls 20017->20021 20022 924ca8 __vswprintf_c_l 48 API calls 20017->20022 20023 925fb0 __vswprintf_c_l 43 API calls 20017->20023 20024 923adc __vswprintf_c_l 43 API calls 20017->20024 20025 923e36 20017->20025 20020 927ac0 __vswprintf_c_l 29 API calls 20018->20020 20019->20014 20020->20019 20021->20017 20022->20017 20023->20017 20024->20017 20026 927ac0 __vswprintf_c_l 29 API calls 20025->20026 20027 923e52 20026->20027 20028 927ac0 __vswprintf_c_l 29 API calls 20027->20028 20028->20019 22946 9065e4 22953 90a604 SendMessageW SendMessageW 22946->22953 22952 90a849 22954 90a629 22953->22954 22955 90662a 22954->22955 22956 90a650 22954->22956 22957 90a63f DeleteCriticalSection 22954->22957 22963 90a60c 22955->22963 22958 90a65f 22956->22958 22961 90e635 3 API calls 22956->22961 22957->22956 22959 90a668 CloseHandle 22958->22959 22960 90a66f 22958->22960 22959->22960 22960->22955 22962 90a678 CloseHandle 22960->22962 22961->22958 22962->22955 22964 90a613 SendMessageW 22963->22964 22965 90a5c5 22963->22965 22964->22965 22966 906632 SetEvent 22965->22966 22967 90a650 22965->22967 22968 90a63f DeleteCriticalSection 22965->22968 22966->22952 22969 90a65f 22967->22969 22972 90e635 3 API calls 22967->22972 22968->22967 22970 90a668 
CloseHandle 22969->22970 22971 90a66f 22969->22971 22970->22971 22971->22966 22973 90a678 CloseHandle 22971->22973 22972->22969 22973->22966 20036 91de52 20037 91de5e __FrameHandler3::FrameUnwindToState 20036->20037 20064 91e050 20037->20064 20039 91de65 20040 91dfb8 20039->20040 20048 91de8f ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 20039->20048 20176 91e257 IsProcessorFeaturePresent 20040->20176 20042 91dfbf 20180 9270b4 20042->20180 20045 927078 __FrameHandler3::FrameUnwindToState 23 API calls 20046 91dfcd 20045->20046 20047 91deae 20048->20047 20054 91df2f 20048->20054 20158 92708e 20048->20158 20072 91e371 20054->20072 20065 91e059 20064->20065 20183 91e62b IsProcessorFeaturePresent 20065->20183 20069 91e06a 20071 91e06e 20069->20071 20194 91f060 20069->20194 20071->20039 20261 91f080 20072->20261 20074 91e384 GetStartupInfoW 20075 91df35 20074->20075 20076 926cf9 20075->20076 20263 92b1c0 20076->20263 20078 91df3e 20081 909219 GetModuleHandleW 20078->20081 20080 926d02 20080->20078 20269 92b4f4 20080->20269 20472 90b9d2 SetDefaultDllDirectories 20081->20472 20085 90928c ___scrt_fastfail _wcsrchr 20123 90934b 20085->20123 20155 909278 20085->20155 20756 921504 20085->20756 20086 90dcd9 64 API calls 20108 909391 20086->20108 20090 90936c 20543 909ccb 20090->20543 20091 9094d5 20095 9094e4 20091->20095 20096 9094d1 20091->20096 20092 9094ca 20792 90c72a 20092->20792 20099 9094f1 20095->20099 20811 90ba91 20095->20811 20096->20091 20803 90c6d3 20096->20803 20105 909503 20099->20105 20115 9094fb 20099->20115 20100 909386 20104 90dcd9 64 API calls 20100->20104 20101 90939a 20556 909d2a 20101->20556 20104->20108 20818 90a16e 20105->20818 20777 90a685 20108->20777 20109 91f080 ___scrt_fastfail 20113 909301 GetEnvironmentVariableW 20109->20113 20112 909522 20116 90dc5d 64 API calls 20112->20116 20765 909c9c 20113->20765 20115->20112 20832 9095fe 20115->20832 20119 90952f 20116->20119 20122 90dc5d 64 API 
calls 20119->20122 20121 9093f2 20121->20155 20580 90af85 20121->20580 20125 909542 20122->20125 20123->20090 20123->20155 20534 90dbce 20123->20534 20865 90e6b2 20125->20865 20133 909567 20134 909575 20133->20134 20137 90e635 3 API calls 20133->20137 20138 90958d 20134->20138 20139 90957f CloseHandle 20134->20139 20136 90dc5d 64 API calls 20136->20133 20137->20134 20141 90959c 20138->20141 20143 90e635 3 API calls 20138->20143 20139->20138 20145 9095b2 20141->20145 20147 90e635 3 API calls 20141->20147 20143->20141 20147->20145 20155->20086 20155->20108 20159 9276f0 __FrameHandler3::FrameUnwindToState 20158->20159 20160 9270a4 pre_c_initialization 20158->20160 20161 929499 pre_c_initialization 43 API calls 20159->20161 20160->20054 20162 927701 20161->20162 20163 92780b __FrameHandler3::FrameUnwindToState 43 API calls 20162->20163 20164 92772b 20163->20164 20177 91e26c ___scrt_fastfail 20176->20177 20178 91e317 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 20177->20178 20179 91e362 ___scrt_fastfail 20178->20179 20179->20042 20181 926edd __FrameHandler3::FrameUnwindToState 23 API calls 20180->20181 20182 91dfc5 20181->20182 20182->20045 20184 91e065 20183->20184 20185 91f037 20184->20185 20186 91f03c ___vcrt_initialize_winapi_thunks 20185->20186 20202 9202c7 20186->20202 20189 91f04a 20189->20069 20191 91f052 20192 91f05d 20191->20192 20216 920303 20191->20216 20192->20069 20195 91f069 20194->20195 20196 91f07a 20194->20196 20197 91f30f ___vcrt_uninitialize_ptd 6 API calls 20195->20197 20196->20071 20198 91f06e 20197->20198 20199 920303 ___vcrt_uninitialize_locks DeleteCriticalSection 20198->20199 20200 91f073 20199->20200 20257 9205c4 20200->20257 20204 9202d0 20202->20204 20205 9202f9 20204->20205 20206 91f046 20204->20206 20220 920554 20204->20220 20207 920303 ___vcrt_uninitialize_locks DeleteCriticalSection 20205->20207 20206->20189 20208 91f2dc 20206->20208 20207->20206 20238 920465 20208->20238 20211 91f2f1 20211->20191 20214 91f30c 
20214->20191 20217 92032d 20216->20217 20218 92030e 20216->20218 20217->20189 20219 920318 DeleteCriticalSection 20218->20219 20219->20217 20219->20219 20225 9203f6 20220->20225 20222 92056e 20223 92058c InitializeCriticalSectionAndSpinCount 20222->20223 20224 920577 20222->20224 20223->20224 20224->20204 20226 92041e 20225->20226 20230 92041a __crt_fast_encode_pointer 20225->20230 20226->20230 20231 920332 20226->20231 20229 920438 GetProcAddress 20229->20230 20230->20222 20232 920341 try_get_first_available_module 20231->20232 20233 92035e LoadLibraryExW 20232->20233 20235 9203d4 FreeLibrary 20232->20235 20236 9203eb 20232->20236 20237 9203ac LoadLibraryExW 20232->20237 20233->20232 20234 920379 GetLastError 20233->20234 20234->20232 20235->20232 20236->20229 20236->20230 20237->20232 20239 9203f6 try_get_function 5 API calls 20238->20239 20240 92047f 20239->20240 20241 920498 TlsAlloc 20240->20241 20242 91f2e6 20240->20242 20242->20211 20243 920516 20242->20243 20244 9203f6 try_get_function 5 API calls 20243->20244 20245 920530 20244->20245 20246 92054b TlsSetValue 20245->20246 20247 91f2ff 20245->20247 20246->20247 20247->20214 20248 91f30f 20247->20248 20249 91f31f 20248->20249 20250 91f319 20248->20250 20249->20211 20252 9204a0 20250->20252 20253 9203f6 try_get_function 5 API calls 20252->20253 20254 9204ba 20253->20254 20255 9204d2 TlsFree 20254->20255 20256 9204c6 20254->20256 20255->20256 20256->20249 20258 9205cd 20257->20258 20260 9205f3 20257->20260 20259 9205dd FreeLibrary 20258->20259 20258->20260 20259->20258 20260->20196 20262 91f097 20261->20262 20262->20074 20262->20262 20264 92b1fb 20263->20264 20265 92b1c9 20263->20265 20264->20080 20272 929554 20265->20272 20469 92b4a4 20269->20469 20273 92955f 20272->20273 20276 929565 20272->20276 20274 929c92 pre_c_initialization 6 API calls 20273->20274 20274->20276 20275 929cd1 pre_c_initialization 6 API calls 20277 92957f 20275->20277 20276->20275 20278 92956b 20276->20278 20277->20278 20281 92997c 
pre_c_initialization 14 API calls 20277->20281 20279 92780b __FrameHandler3::FrameUnwindToState 43 API calls 20278->20279 20280 929570 20278->20280 20282 9295e9 20279->20282 20297 92afbe 20280->20297 20283 92958f 20281->20283 20284 929597 20283->20284 20285 9295ac 20283->20285 20286 929cd1 pre_c_initialization 6 API calls 20284->20286 20287 929cd1 pre_c_initialization 6 API calls 20285->20287 20288 9295a3 20286->20288 20289 9295b8 20287->20289 20292 927c56 __freea 14 API calls 20288->20292 20290 9295cb 20289->20290 20291 9295bc 20289->20291 20294 9292b9 pre_c_initialization 14 API calls 20290->20294 20293 929cd1 pre_c_initialization 6 API calls 20291->20293 20292->20278 20293->20288 20295 9295d6 20294->20295 20296 927c56 __freea 14 API calls 20295->20296 20296->20280 20298 92b113 __vswprintf_c_l 43 API calls 20297->20298 20299 92afe8 20298->20299 20320 92ad3e 20299->20320 20302 927c90 __onexit 15 API calls 20303 92b012 20302->20303 20304 92b01a 20303->20304 20305 92b028 20303->20305 20306 927c56 __freea 14 API calls 20304->20306 20327 92b21b 20305->20327 20309 92b001 20306->20309 20309->20264 20310 92b060 20311 927c1e __dosmaperr 14 API calls 20310->20311 20312 92b065 20311->20312 20314 927c56 __freea 14 API calls 20312->20314 20313 92b0a7 20316 92b0f0 20313->20316 20338 92ac30 20313->20338 20314->20309 20315 92b07b 20315->20313 20318 927c56 __freea 14 API calls 20315->20318 20317 927c56 __freea 14 API calls 20316->20317 20317->20309 20318->20313 20346 926564 20320->20346 20323 92ad71 20325 92ad88 20323->20325 20326 92ad76 GetACP 20323->20326 20324 92ad5f GetOEMCP 20324->20325 20325->20302 20325->20309 20326->20325 20328 92ad3e 45 API calls 20327->20328 20329 92b23b 20328->20329 20330 92b278 IsValidCodePage 20329->20330 20336 92b2b4 ___scrt_fastfail 20329->20336 20332 92b28a 20330->20332 20330->20336 20331 91d981 CatchGuardHandler 5 API calls 20333 92b055 20331->20333 20334 92b2b9 GetCPInfo 20332->20334 20337 92b293 ___scrt_fastfail 20332->20337 20333->20310 
20333->20315 20334->20336 20334->20337 20336->20331 20336->20336 20362 92ae12 20337->20362 20339 92ac3c __FrameHandler3::FrameUnwindToState 20338->20339 20443 92b781 EnterCriticalSection 20339->20443 20341 92ac46 20444 92ac7d 20341->20444 20347 926584 20346->20347 20348 92657b 20346->20348 20347->20348 20349 929499 pre_c_initialization 43 API calls 20347->20349 20348->20323 20348->20324 20350 9265a4 20349->20350 20354 927fb0 20350->20354 20355 927fc3 20354->20355 20356 9265ba 20354->20356 20355->20356 20357 92c148 __vswprintf_c_l 43 API calls 20355->20357 20358 92800e 20356->20358 20357->20356 20359 928021 20358->20359 20361 928036 20358->20361 20360 92b208 __vswprintf_c_l 43 API calls 20359->20360 20359->20361 20360->20361 20361->20348 20363 92ae3a GetCPInfo 20362->20363 20372 92af03 20362->20372 20369 92ae52 20363->20369 20363->20372 20365 91d981 CatchGuardHandler 5 API calls 20367 92afbc 20365->20367 20367->20336 20373 92bd76 20369->20373 20372->20365 20374 926564 43 API calls 20373->20374 20375 92bd96 20374->20375 20393 92b529 20375->20393 20377 92be52 20396 9265e7 20377->20396 20378 92bdc3 20378->20377 20381 927c90 __onexit 15 API calls 20378->20381 20383 92be5a 20378->20383 20384 92bde8 ___scrt_fastfail 20378->20384 20379 91d981 CatchGuardHandler 5 API calls 20382 92aeba 20379->20382 20381->20384 20388 930442 20382->20388 20383->20379 20384->20377 20385 92b529 ___scrt_uninitialize_crt MultiByteToWideChar 20384->20385 20386 92be33 20385->20386 20386->20377 20387 92be3e GetStringTypeW 20386->20387 20387->20377 20389 926564 43 API calls 20388->20389 20395 92b53a MultiByteToWideChar 20393->20395 20395->20378 20397 9265f3 20396->20397 20398 926604 20396->20398 20397->20398 20399 927c56 __freea 14 API calls 20397->20399 20398->20383 20399->20398 20443->20341 20454 92b423 20444->20454 20446 92ac9f 20447 92b423 __vswprintf_c_l 43 API calls 20446->20447 20448 92acbe 20447->20448 20449 92ac53 20448->20449 20450 927c56 __freea 14 API calls 20448->20450 20451 92ac71 
20449->20451 20450->20449 20455 92b434 20454->20455 20458 92b430 __vswprintf_c_l 20454->20458 20456 92b43b 20455->20456 20460 92b44e ___scrt_fastfail 20455->20460 20457 927c1e __dosmaperr 14 API calls 20456->20457 20459 92b440 20457->20459 20458->20446 20461 927b3d __get_errno 43 API calls 20459->20461 20460->20458 20462 92b47c 20460->20462 20464 92b485 20460->20464 20461->20458 20463 927c1e __dosmaperr 14 API calls 20462->20463 20465 92b481 20463->20465 20464->20458 20466 927c1e __dosmaperr 14 API calls 20464->20466 20467 927b3d __get_errno 43 API calls 20465->20467 20466->20465 20467->20458 20470 926564 43 API calls 20469->20470 20471 92b4b7 20470->20471 20471->20080 20473 90ba15 GetProcessHeap HeapAlloc 20472->20473 20474 90b9eb GetLastError 20472->20474 20475 90ba2d 20473->20475 20481 90ba41 20473->20481 20474->20473 20476 90ba03 20474->20476 20477 90dcd9 64 API calls 20475->20477 20478 90dcd9 64 API calls 20476->20478 20480 909272 20477->20480 20478->20480 20480->20155 20484 90a9c9 20480->20484 20481->20480 20482 90ba79 20481->20482 20872 90b867 20481->20872 20483 90dcd9 64 API calls 20482->20483 20483->20480 20485 91f080 ___scrt_fastfail 20484->20485 20486 90a9f7 GetCommandLineW CommandLineToArgvW 20485->20486 20487 90aa44 20486->20487 20488 90aa14 GetLastError 20486->20488 20490 90aa58 lstrlenW 20487->20490 20492 90ab3c lstrlenW 20487->20492 20496 90aa83 lstrlenW 20487->20496 20499 90ae99 20487->20499 20511 90ad08 lstrlenW 20487->20511 20513 90ab80 20487->20513 20522 90e06d 7 API calls 20487->20522 20887 90ee3f 20487->20887 20898 90e283 20487->20898 20904 90f0cc 20487->20904 20489 90dcd9 64 API calls 20488->20489 20491 90aa3d 20489->20491 20490->20487 20495 91d981 CatchGuardHandler 5 API calls 20491->20495 20493 90ab92 lstrlenW 20492->20493 20494 90ab48 CompareStringW 20492->20494 20497 90aba0 CompareStringW 20493->20497 20498 90abcd lstrlenW 20493->20498 20494->20487 20494->20493 20500 90af83 20495->20500 20501 90aab9 lstrlenW 20496->20501 20502 90aa8f 

          APIs
            • Part of subcall function 0090EE3F: GetCurrentDirectoryW.KERNEL32(00000040,00000000,00000001,0093A8D0,00000000,?,?,?,0090AC68), ref: 0090EE61
            • Part of subcall function 0090EE3F: GetLastError.KERNEL32(?,0090AC68), ref: 0090EE6D
            • Part of subcall function 0090F126: GetModuleFileNameW.KERNEL32(00000000,0093A8D0,00000104,00000000,0093A8D0,0090AF10,00000000,?,00000000), ref: 0090F143
          • SetEnvironmentVariableW.KERNEL32(_SFX_CAB_EXE_PATH,?,?,00000000), ref: 0090983F
          • GetLastError.KERNEL32(?,?,00000000), ref: 00909849
          • SetEnvironmentVariableW.KERNEL32(_SFX_CAB_EXE_PACKAGE,?,?,?,00000000), ref: 00909876
          • GetLastError.KERNEL32(?,?,00000000), ref: 00909880
          • SetEnvironmentVariableW.KERNEL32(_SFX_CAB_EXE_PARAMETERS,?,?,00000000), ref: 009098B3
          • GetLastError.KERNEL32(?,?,00000000), ref: 009098BD
          • SetEnvironmentVariableW.KERNEL32(_SFX_CAB_EXE_ORIGINALWORKINGDIR,?,?,?,00000000), ref: 009098ED
          • GetLastError.KERNEL32(?,?,00000000), ref: 009098F7
          • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00907754,?,?,00000000), ref: 0090992F
          • GetLastError.KERNEL32(?,?,00000000), ref: 00909939
          Strings
          • _SFX_CAB_EXE_PACKAGE:, xrefs: 00909A5F
          • Failed to set _SFX_CAB_EXE_ORIGINALDIRECTORY, xrefs: 00909908
          • runas, xrefs: 00909ABC
          • User may have declined UAC prompt, xrefs: 00909B4B
          • Failed to initialize COM., xrefs: 00909AAB
          • Failed to expand environment variables in string: %S, xrefs: 009099CB
          • _SFX_CAB_EXE_PACKAGE, xrefs: 00909871
          • Failed to allocate space for extracted package name., xrefs: 009099F1
          • Failed to set _SFX_CAB_EXE_PATH, xrefs: 0090985A
          • Failed to get current directory, xrefs: 009097F5
          • Executing extracted package: '%S' with commandline '%S', xrefs: 00909AE0
          • <, xrefs: 00909ACC
          • Failed to set _SFX_CAB_EXE_PARAMETERS, xrefs: 009098CE
          • Used --programArgs: '%S', xrefs: 00909A24
          • _SFX_CAB_EXE_ORIGINALWORKINGDIR:, xrefs: 00909A79
          • Failed to allocate memory for command line, xrefs: 00909973
          • Failed to set _SFX_CAB_EXE_PACKAGE, xrefs: 00909891
          • Failed to get the extracted package name, xrefs: 00909990
          • open, xrefs: 00909AC4
          • Failed to get the name of the module, xrefs: 0090982D
          • _SFX_CAB_EXE_PARAMETERS, xrefs: 009098AE
          • Failed to set target directory, xrefs: 00909818
          • Failed to set __COMPAT_LAYER, xrefs: 0090994A
          • --env , xrefs: 00909A41
          • _SFX_CAB_EXE_ORIGINALWORKINGDIR, xrefs: 009098E8
          • _SFX_CAB_EXE_PATH, xrefs: 0090983A
          • Failed to start the process, xrefs: 00909BA1
          • Failed to stop reporting progress, xrefs: 00909BDA
          • __COMPAT_LAYER, xrefs: 0090992A
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLast$EnvironmentVariable$CurrentDirectoryFileModuleName
          • String ID: --env $ _SFX_CAB_EXE_ORIGINALWORKINGDIR:$<$Executing extracted package: '%S' with commandline '%S'$Failed to allocate memory for command line$Failed to allocate space for extracted package name.$Failed to expand environment variables in string: %S$Failed to get current directory$Failed to get the extracted package name$Failed to get the name of the module$Failed to initialize COM.$Failed to set _SFX_CAB_EXE_ORIGINALDIRECTORY$Failed to set _SFX_CAB_EXE_PACKAGE$Failed to set _SFX_CAB_EXE_PARAMETERS$Failed to set _SFX_CAB_EXE_PATH$Failed to set __COMPAT_LAYER$Failed to set target directory$Failed to start the process$Failed to stop reporting progress$Used --programArgs: '%S'$User may have declined UAC prompt$_SFX_CAB_EXE_ORIGINALWORKINGDIR$_SFX_CAB_EXE_PACKAGE$_SFX_CAB_EXE_PACKAGE:$_SFX_CAB_EXE_PARAMETERS$_SFX_CAB_EXE_PATH$__COMPAT_LAYER$open$runas
          • API String ID: 1070303252-1339798775
          • Opcode ID: a86cb972233220c40a1a94fe8a1443e062e96b93cd5fc9bd41331c550900160f
          • Instruction ID: d778d4c48e1cd63d572ac7c8fe530a6eaf2b66d9c69ad28b42ae6387747ad850
          • Opcode Fuzzy Hash: a86cb972233220c40a1a94fe8a1443e062e96b93cd5fc9bd41331c550900160f
          • Instruction Fuzzy Hash: 99C1E332E18229DFDB159BE8DC45BAEBBB9AF80720F104118EC16F72D5DB259C01DB90

          APIs
          • GetModuleHandleW.KERNEL32(00000000), ref: 0090925E
            • Part of subcall function 0090B9D2: SetDefaultDllDirectories.KERNEL32(00000800,?,00909272), ref: 0090B9E1
            • Part of subcall function 0090B9D2: GetLastError.KERNEL32(?,00909272), ref: 0090B9EB
          • CloseHandle.KERNEL32(000001E0), ref: 00909580
            • Part of subcall function 0090A16E: DeleteFileW.KERNEL32(00000000,?,00000000), ref: 0090A1B2
            • Part of subcall function 0090A16E: GetLastError.KERNEL32 ref: 0090A1BC
            • Part of subcall function 0090A16E: MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 0090A1D1
            • Part of subcall function 0090A16E: GetLastError.KERNEL32 ref: 0090A1DB
            • Part of subcall function 0090A16E: GetProcessHeap.KERNEL32(00000000,04BBB450,?,00000000), ref: 0090A207
            • Part of subcall function 0090A16E: HeapFree.KERNEL32(00000000), ref: 0090A20E
          Strings
          • === Logging stopped: %S ===, xrefs: 0090955B
          • Failed to open the box, xrefs: 00909386
          • temp, xrefs: 0090930D
          • \dd_%s_decompression_log.txt, xrefs: 0090931F
          • Launched extracted application exiting with result code: 0x%x, xrefs: 00909536
          • Failed to select and/or prepare the directory for extraction, xrefs: 00909414
          • Failed to allocate memory to hold extracted file handles., xrefs: 00909449
          • Unable to estimate the required size, xrefs: 009093B9
          • Failed to allocate log, xrefs: 00909351
          • Prerequisite required on system., xrefs: 009093F8
          • Failed to preload libraries., xrefs: 00909278
          • Failed to initialize arguments, xrefs: 00909292
          • Failed to extract, xrefs: 00909472
          • Failed to execute file, xrefs: 009094AB
          • The entire Box execution exiting with result code: 0x%x, xrefs: 00909523
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLast$FileHandleHeap$CloseDefaultDeleteDirectoriesFreeModuleMoveProcess
          • String ID: === Logging stopped: %S ===$Failed to allocate log$Failed to allocate memory to hold extracted file handles.$Failed to execute file$Failed to extract$Failed to initialize arguments$Failed to open the box$Failed to preload libraries.$Failed to select and/or prepare the directory for extraction$Launched extracted application exiting with result code: 0x%x$Prerequisite required on system.$The entire Box execution exiting with result code: 0x%x$Unable to estimate the required size$\dd_%s_decompression_log.txt$temp
          • API String ID: 1601212343-1545929208
          • Opcode ID: 460450a2698be2a4cb33e3183b6a6d318255d85b7152ecfa061ede7a394939ff
          • Instruction ID: 3c1d375aed666631e78cd3d11511306f3d5f1ebc1aeefad87326d905b09a0ece
          • Opcode Fuzzy Hash: 460450a2698be2a4cb33e3183b6a6d318255d85b7152ecfa061ede7a394939ff
          • Instruction Fuzzy Hash: 0CA11271A093259FC725EB64DC05B6B77E9AFC0714F004A18F986972D2EB70D802DB92

          APIs
          • LoadLibraryW.KERNEL32(advapi32.dll,00000000,0090B098,00000000,00000080,?,00000000), ref: 0090B7F2
          • GetLastError.KERNEL32 ref: 0090B7FC
          • GetProcAddress.KERNEL32(00000000,DecryptFileW), ref: 0090B80F
          • GetLastError.KERNEL32 ref: 0090B81E
          • DecryptFileW.ADVAPI32(04BCA4A0,00000000), ref: 0090B82E
          • GetLastError.KERNEL32 ref: 0090B838
          Strings
          • Failed to load advapi32.dll, xrefs: 0090B802
          • Failed to load DecryptFileW from advapi.dll, xrefs: 0090B824
          • DecryptFileW, xrefs: 0090B809
          • Failed to decrypt the extract directory, xrefs: 0090B83E
          • advapi32.dll, xrefs: 0090B7ED
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLast$AddressDecryptFileLibraryLoadProc
          • String ID: DecryptFileW$Failed to decrypt the extract directory$Failed to load DecryptFileW from advapi.dll$Failed to load advapi32.dll$advapi32.dll
          • API String ID: 156776402-3428403797
          • Opcode ID: 925c36e9e82ad38a7aba1540f0b46f4648ba146c645de6869c475383c90e6f0d
          • Instruction ID: 96dd55081ddd8ce99cb6bb062d60f6539c4deb024da7647ca814b080efec0d13
          • Opcode Fuzzy Hash: 925c36e9e82ad38a7aba1540f0b46f4648ba146c645de6869c475383c90e6f0d
          • Instruction Fuzzy Hash: EBF06232369B11EFE71827B97C1A72B33DCAB44745F018429FA62D00F4EF6584006E69

          APIs
            • Part of subcall function 0090F282: SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,04BC9F88,04BC9F88,?,00909380), ref: 0090F2A1
            • Part of subcall function 0090F282: GetLastError.KERNEL32(?,00909380,?), ref: 0090F2AB
          • GetProcessHeap.KERNEL32(00000008,00020000,00000000,00000000,00000000,00000000,00000000,00000000,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C874
          • RtlAllocateHeap.NTDLL(00000000,?,00909380,?), ref: 0090C87B
          • GetProcessHeap.KERNEL32(00000000,00000000,00909380,00000000,00000000,00000000,00000000,00000000,00000000,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C89D
          • HeapReAlloc.KERNEL32(00000000,?,00909380,?), ref: 0090C8A4
          • ReadFile.KERNELBASE(00000000,00909380,00909380,?,00000000,?,00909380,?), ref: 0090C8CC
          • GetProcessHeap.KERNEL32(00000008,?,00909380,?,?,?,?,00909380,?), ref: 0090C90E
          • HeapAlloc.KERNEL32(00000000,?,00909380,?), ref: 0090C915
          • GetProcessHeap.KERNEL32(00000008,?,?,00909380,?), ref: 0090C930
          • HeapAlloc.KERNEL32(00000000,?,00909380,?), ref: 0090C937
          • GetLastError.KERNEL32(?,00909380,?), ref: 0090C96B
          • GetProcessHeap.KERNEL32(00000000,00000000,?,00909380,?), ref: 0090C996
          • RtlFreeHeap.NTDLL(00000000,?,00909380,?), ref: 0090C99D
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$Process$Alloc$ErrorFileLast$AllocateFreePointerRead
          • String ID:
          • API String ID: 3945950964-0
          APIs
          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,00000000,?,?,?,?,?,?,?,?,0090B567), ref: 0090B6C9
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0090B567), ref: 0090B6D3
          • CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,?,?,?,?,0090B567), ref: 0090B70C
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0090B567), ref: 0090B716
          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0090B7C0
          Strings
          • %02x, xrefs: 0090B74A
          • Failed to acquire Crypto context, xrefs: 0090B6D9
          • Failed to concatenate the formatted byte to the random string, xrefs: 0090B797
          • Failed to allocate formatted current byte for the random string, xrefs: 0090B7A4
          • Failed to generate a random value, xrefs: 0090B71C
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Crypt$ContextErrorLast$AcquireRandomRelease
          • String ID: %02x$Failed to acquire Crypto context$Failed to allocate formatted current byte for the random string$Failed to concatenate the formatted byte to the random string$Failed to generate a random value
          • API String ID: 236824231-4110481378
          APIs
          • GetLocalTime.KERNEL32(?,00000000,?), ref: 0090DC76
            • Part of subcall function 0090DFC0: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0090DFD3
            • Part of subcall function 0090DE8E: lstrlenA.KERNEL32(00000000,?,5/23/2024, 12:28:57,?), ref: 0090DEBF
            • Part of subcall function 0090DE8E: WriteFile.KERNELBASE(00000000,00000000,00000004,00000000), ref: 0090DEDF
            • Part of subcall function 0090DE8E: WriteFile.KERNELBASE(00908628,00000002,00000000,00000000), ref: 0090DF0C
            • Part of subcall function 0090DE8E: GetLastError.KERNEL32 ref: 0090DF16
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: FileWrite$ErrorLastLocalTime__vswprintf_c_llstrlen
          • String ID: %u/%u/%u, %u:%u:%u$5/23/2024, 12:28:57$[%s]
          • API String ID: 2409570166-3037906254
          APIs
          • GetTimeZoneInformation.KERNELBASE(?,?), ref: 0090E673
          • GetSystemTime.KERNEL32(?), ref: 0090E682
          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?), ref: 0090E694
          • GetSystemTime.KERNEL32(?), ref: 0090E69F
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Time$System$InformationLocalSpecificZone
          • String ID:
          • API String ID: 1716759327-0
          APIs
          • __EH_prolog3_GS.LIBCMT ref: 0091128B
            • Part of subcall function 00911343: __EH_prolog3.LIBCMT ref: 0091134A
            • Part of subcall function 009123AD: __EH_prolog3.LIBCMT ref: 009123B4
            • Part of subcall function 00912634: __EH_prolog3.LIBCMT ref: 0091263B
          • GetSystemInfo.KERNELBASE ref: 00911328
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: H_prolog3$H_prolog3_InfoSystem
          • String ID:
          • API String ID: 589832219-0
          APIs
          • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 0090A843
          • SetWindowTextW.USER32(?,04BB54C0), ref: 0090A864
          • SetEvent.KERNEL32 ref: 0090A876
          • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 0090A89A
            • Part of subcall function 0090A94E: EnterCriticalSection.KERNEL32(0093A91C,00000000,?,?,?,?,0090A886), ref: 0090A962
            • Part of subcall function 0090A94E: MessageBoxW.USER32(?,?,00000024,?), ref: 0090A997
            • Part of subcall function 0090A94E: LeaveCriticalSection.KERNEL32(0093A91C,?,?,?,0090A886), ref: 0090A9B3
          • PostQuitMessage.USER32(00000000), ref: 0090A8A3
          • GetDlgItem.USER32(?,000003E9), ref: 0090A8C9
          • GetLastError.KERNEL32 ref: 0090A8D3
          • GetDlgItem.USER32(?,000003E8), ref: 0090A8F1
          • GetLastError.KERNEL32 ref: 0090A8FB
          • EndDialog.USER32(?,?), ref: 0090A92F
          • SendMessageW.USER32(00000000,?,?,?), ref: 0090A941
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Message$CriticalErrorItemLastSectionSend$CallbackDialogDispatcherEnterEventLeavePostQuitTextUserWindow
          • String ID: Failed to get progress bar control.$Failed to get status static control.
          • API String ID: 1786187333-1184021424
          APIs
          • GetProcessHeap.KERNEL32(00000008,?,?,00000000), ref: 00909F0E
          • HeapAlloc.KERNEL32(00000000), ref: 00909F15
          • GetProcessHeap.KERNEL32(00000000,00000002), ref: 0090A02C
          • HeapAlloc.KERNEL32(00000000), ref: 0090A033
            • Part of subcall function 0090A685: EnterCriticalSection.KERNEL32(0093A91C,00000000,00000000,0090A110), ref: 0090A6A4
            • Part of subcall function 0090A685: LeaveCriticalSection.KERNEL32(0093A91C), ref: 0090A6B5
            • Part of subcall function 0090A685: PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 0090A6C9
            • Part of subcall function 0090A685: WaitForSingleObject.KERNEL32(0000021C,000000FF), ref: 0090A6DB
            • Part of subcall function 0090A685: DeleteCriticalSection.KERNEL32(0093A91C,00000000,00000000,0090A110), ref: 0090A6F6
            • Part of subcall function 0090A685: CloseHandle.KERNEL32(0000021C,0090A110), ref: 0090A71D
            • Part of subcall function 0090A685: CloseHandle.KERNEL32(00000218,0090A110), ref: 0090A72D
          • GetProcessHeap.KERNEL32(00000000,?), ref: 0090A136
          • HeapFree.KERNEL32(00000000), ref: 0090A13D
          Strings
          • User canceled extraction..., xrefs: 0090A0FE
          • Failed to allocate memory to hold container handles., xrefs: 00909F22
          • Extracting files to: %S, xrefs: 0090A077
          • Failed to verify box container #%d., xrefs: 0090A156
          • Failed to extract all files out of box container #%d., xrefs: 0090A167
          • Failed to start reporting progress, xrefs: 0090A06D
          • Failed to open container., xrefs: 0090A057
          • Failed to read container header., xrefs: 0090A04C
          • Failed to alloc cleanup list buffer, xrefs: 0090A042
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$CriticalProcessSection$AllocCloseHandle$DeleteEnterFreeLeaveMessageObjectPostSingleWait
          • String ID: Extracting files to: %S$Failed to alloc cleanup list buffer$Failed to allocate memory to hold container handles.$Failed to extract all files out of box container #%d.$Failed to open container.$Failed to read container header.$Failed to start reporting progress$Failed to verify box container #%d.$User canceled extraction...
          • API String ID: 1232561938-3704756192
          APIs
          • GetFileAttributesW.KERNEL32(?,00000000,00000080,?,00000000), ref: 0090B00E
          • CreateDirectoryW.KERNELBASE(04BCA4A0,00000000,00000000,00000080,?,00000000), ref: 0090B04A
          • GetLastError.KERNEL32 ref: 0090B054
          • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 0090B0BA
          • HeapFree.KERNEL32(00000000), ref: 0090B0C1
          • GetProcessHeap.KERNEL32(00000000,?,?,00000000), ref: 0090B0DF
          • HeapFree.KERNEL32(00000000), ref: 0090B0E6
          Strings
          • Failed to select the directory to extract to, xrefs: 0090AFC9
          • Directory '%S' has been selected for file extraction, xrefs: 0090B09B
          • Failed to create the directory to extract to %ls., xrefs: 0090B075
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$FreeProcess$AttributesCreateDirectoryErrorFileLast
          • String ID: Directory '%S' has been selected for file extraction$Failed to create the directory to extract to %ls.$Failed to select the directory to extract to
          • API String ID: 2094841491-3677837842
          APIs
          • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0090D506
          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0090D518
          • SetFileTime.KERNELBASE(?,?,?,?), ref: 0090D52B
          • FindCloseChangeNotification.KERNELBASE(?), ref: 0090D534
          • GetLastError.KERNEL32(00000003,?,00000003,08000080,?,00000001,?,00000002,08000080), ref: 0090D669
          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,00000001,?,00000002,08000080), ref: 0090D6DA
          • SetEndOfFile.KERNELBASE(00000000,?,00000002,08000080), ref: 0090D6E9
          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,00000002,08000080), ref: 0090D6F3
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: File$Time$Pointer$ChangeCloseDateErrorFindLastLocalNotification
          • String ID: %s%S
          • API String ID: 3964647037-4203644592
          APIs
          • GetModuleHandleW.KERNEL32(00000000,0093A8D0,?,00000002,0090A067), ref: 0090A557
          • InitializeCriticalSection.KERNEL32(0093A91C,0093A93C), ref: 0090A578
          • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0090A58C
          • GetLastError.KERNEL32 ref: 0090A59B
          Strings
          • Failed to create the UI thread, xrefs: 0090A5E7
          • Failed to create progress reporting initialization event, xrefs: 0090A5A1
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CreateCriticalErrorEventHandleInitializeLastModuleSection
          • String ID: Failed to create progress reporting initialization event$Failed to create the UI thread
          • API String ID: 2226242565-3587447334
          APIs
          • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,00909ED8,?,00000000), ref: 0090C78C
          • GetProcessHeap.KERNEL32(00000000,?,?,00000000,00909ED8,?,00000000), ref: 0090C79D
          • HeapFree.KERNEL32(00000000), ref: 0090C7A4
          • GetProcessHeap.KERNEL32(00000000,?,?,00000000,00909ED8,?,00000000), ref: 0090C7BC
          • HeapFree.KERNEL32(00000000), ref: 0090C7C3
          • GetProcessHeap.KERNEL32(00000000,?,?,00000000,00909ED8,?,00000000), ref: 0090C7DB
          • HeapFree.KERNEL32(00000000), ref: 0090C7E2
          • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00909ED8,?,00000000), ref: 0090C80B
          • HeapFree.KERNEL32(00000000), ref: 0090C812
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$FreeProcess$ChangeCloseFindNotification
          • String ID:
          • API String ID: 128005546-0
          • Opcode ID: 470f6511db694751156270364adf014e3ebf0334f2fc1df837931d24d937cfc6
          • Instruction ID: 8b5b765436e7f7d85ac313c696adbcadef2b2645142c329f1e3d22725fe4d992
          • Opcode Fuzzy Hash: 470f6511db694751156270364adf014e3ebf0334f2fc1df837931d24d937cfc6
          • Instruction Fuzzy Hash: 02116A71204601DFDB352FB59C9CA3B76BDBF847823040B2DF66AC14A0DB248842AF62

          APIs
          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0090B8A8
          • GetLastError.KERNEL32(?,00000000), ref: 0090B8B2
          • LoadLibraryW.KERNELBASE(?,?,009082A4,7FFFFFFE,?,?,?,00000000), ref: 0090B982
          • GetLastError.KERNEL32(?,009082A4,7FFFFFFE,?,?,?,00000000), ref: 0090B994
          Strings
          • Failed to get the Windows system directory., xrefs: 0090B8C3
          • Failed to terminate the string with a backslash., xrefs: 0090B92E
          • Failed to create the fully-qualified path to %ls., xrefs: 0090B974
          • Failed to load the library %ls., xrefs: 0090B9B0
          Similarity
          • API ID: ErrorLast$DirectoryLibraryLoadSystem
          • String ID: Failed to create the fully-qualified path to %ls.$Failed to get the Windows system directory.$Failed to load the library %ls.$Failed to terminate the string with a backslash.
          • API String ID: 2108159120-3861989282
          • Opcode ID: 65099f41d5406ed94b83230e1e68ebf8077aa138c1b465f352c4853d4080ab41
          • Instruction ID: 7c91c445f9ef077c61d2b9e9c3a49e9768e5a243b45a7be0af778e9e95f4f6fe
          • Opcode Fuzzy Hash: 65099f41d5406ed94b83230e1e68ebf8077aa138c1b465f352c4853d4080ab41
          • Instruction Fuzzy Hash: 52310772F412389FDB259B24DC89BEB73E8DB94704F1102A9ED15E72C1EF709D448AA0

          APIs
          • __EH_prolog3_GS.LIBCMT ref: 0090F927
          • __get_errno.LIBCMT ref: 0090FC47
            • Part of subcall function 00912E15: __EH_prolog3.LIBCMT ref: 00912E1C
            • Part of subcall function 00912BA1: __EH_prolog3.LIBCMT ref: 00912BA8
          • __get_errno.LIBCMT ref: 0090FBA4
          • __get_errno.LIBCMT ref: 0090F9FF
            • Part of subcall function 00910C67: VariantClear.OLEAUT32 ref: 00910C8B
          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0090FAD4
          • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 0090FAEA
          Similarity
          • API ID: Time$File__get_errno$H_prolog3$ClearDateH_prolog3_LocalVariant
          • String ID: @
          • API String ID: 613219787-2766056989
          • Opcode ID: 6bb457e5ce120def816b524a922d4a5d60847f9b5715e76d0c4515cd446a16cc
          • Instruction ID: c312c091e781f8ff80057d97211806a7cbfaade4240bea96667a75e93252766c
          • Opcode Fuzzy Hash: 6bb457e5ce120def816b524a922d4a5d60847f9b5715e76d0c4515cd446a16cc
          • Instruction Fuzzy Hash: 70B17175900209DFCF24DFA4D895AAEBBB5EF48310F148169E855AB3A1DB30EE45CF60

          APIs
            • Part of subcall function 0090DFDF: GetProcessHeap.KERNEL32(00000000,?,00000040,00000040,00000000,0090EA39,?,00000000,0093A91C,00900000,00900000,?,0090A98A,?,?,?), ref: 0090DFF7
            • Part of subcall function 0090DFDF: HeapReAlloc.KERNEL32(00000000,?,0090A98A,?,?,?,?,0090A886), ref: 0090DFFE
          • GetTempPathW.KERNEL32(00000104,00000000,0093A8D0,00000000,00000000,?), ref: 0090B525
          • GetLastError.KERNEL32 ref: 0090B52F
          Strings
          • Failed to get temp path., xrefs: 0090B540
          • Failed to concatenate Box GUID on temp path., xrefs: 0090B59F
          • Failed to allocate memory for the temp path., xrefs: 0090B50B
          • Failed to ensure path is backslash terminated., xrefs: 0090B5BF
          • Failed to create a random name, xrefs: 0090B57E
          Similarity
          • API ID: Heap$AllocErrorLastPathProcessTemp
          • String ID: Failed to allocate memory for the temp path.$Failed to concatenate Box GUID on temp path.$Failed to create a random name$Failed to ensure path is backslash terminated.$Failed to get temp path.
          • API String ID: 2603815699-2694265658
          • Opcode ID: a2ae2b4526ad20334117d183ab2162b0aba24c1b26e7a2f2566f7b0bfef664c7
          • Instruction ID: 376cf694a86948b06999bd1917462fb1fbecac5cd18d20fa310586dc97bd26fb
          • Opcode Fuzzy Hash: a2ae2b4526ad20334117d183ab2162b0aba24c1b26e7a2f2566f7b0bfef664c7
          • Instruction Fuzzy Hash: 70310833E15625EFDB15ABA4DC517AEB3A49F90714F2100A9F801B72C0EF75DE0596C4
          APIs
          • SetDefaultDllDirectories.KERNEL32(00000800,?,00909272), ref: 0090B9E1
          • GetLastError.KERNEL32(?,00909272), ref: 0090B9EB
          • GetProcessHeap.KERNEL32(00000008,00000028,00000000,?,00909272), ref: 0090BA1A
          • HeapAlloc.KERNEL32(00000000,?,00909272), ref: 0090BA21
          Strings
          • Failed to allocate preload data., xrefs: 0090BA32
          • Failed to load module: %ls, xrefs: 0090BA7C
          • Failed to set dll search path to Windows system directory., xrefs: 0090BA03
          Similarity
          • API ID: Heap$AllocDefaultDirectoriesErrorLastProcess
          • String ID: Failed to allocate preload data.$Failed to load module: %ls$Failed to set dll search path to Windows system directory.
          • API String ID: 3816350858-2989566026
          • Opcode ID: 84f0b9959192e67bfcb2885fe1cc7845a739e9f4667c660dbabf9661de9cd844
          • Instruction ID: cf9e208a8a69abdab5d6cf2e89e69e14f57fb3e1f11edc6a82da1da349b60b80
          • Opcode Fuzzy Hash: 84f0b9959192e67bfcb2885fe1cc7845a739e9f4667c660dbabf9661de9cd844
          • Instruction Fuzzy Hash: 3711E636B44316EFEB009BA59C4575EB7E9EFC0728F208069E941A72D1EF759900DFA0

          APIs
          • GetModuleHandleW.KERNEL32(00000000,00000082,00000000,0090B1C0,0093A8D0,0093A8D8,0093A8D8,?,00000000,0093A8D0,0090AFC3,00000000,00000080,?,00000000), ref: 0090B181
          • DialogBoxParamW.USER32(00000000), ref: 0090B188
          Strings
          • Failed to get current directory, xrefs: 0090B13C
          • Failed to select temporary directory for extraction, xrefs: 0090B163
          • Failed to select current directory for extraction, xrefs: 0090B14D
          • Failed while running the extract directory selection dialog., xrefs: 0090B194
          • Failed to select the user-specified directory for extraction, xrefs: 0090B1A5
          Similarity
          • API ID: DialogHandleModuleParam
          • String ID: Failed to get current directory$Failed to select current directory for extraction$Failed to select temporary directory for extraction$Failed to select the user-specified directory for extraction$Failed while running the extract directory selection dialog.
          • API String ID: 3900296288-2402499859
          • Opcode ID: 60ddf91c684615ea772c15aab4dc4c47f9396d962005228eae90c42c0ea997c4
          • Instruction ID: b5c0d5a93e8e464695bed196e287efd0cb705bbb1495b236fbad5e07dff15009
          • Opcode Fuzzy Hash: 60ddf91c684615ea772c15aab4dc4c47f9396d962005228eae90c42c0ea997c4
          • Instruction Fuzzy Hash: 7311EC32E5D732EFDB762694DC71D27665DAE60B35310021BF901A66D09BB0AC8096D4
          APIs
            • Part of subcall function 0090F282: SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,04BC9F88,04BC9F88,?,00909380), ref: 0090F2A1
            • Part of subcall function 0090F282: GetLastError.KERNEL32(?,00909380,?), ref: 0090F2AB
          • ReadFile.KERNELBASE(00000000,?,00000024,00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 0090CE60
          • GetLastError.KERNEL32 ref: 0090CE6A
          Similarity
          • API ID: ErrorFileLast$PointerRead
          • String ID:
          • API String ID: 2170121939-0
          • Opcode ID: a08c966efd9c4d8132a041f8cb0878a84b6d85209533344c16af09fa4b7c6314
          • Instruction ID: fa915c0d88f42ae7103f94aab4200bcec634d62f2347716e4fe41ec7b70f0755
          • Opcode Fuzzy Hash: a08c966efd9c4d8132a041f8cb0878a84b6d85209533344c16af09fa4b7c6314
          • Instruction Fuzzy Hash: 304151B1A1420AAFDB10DFA4DC84BAEB7F9FB44711F104229EB05E7190DB74AD44DBA1
          APIs
          • __EH_prolog3_GS.LIBCMT ref: 0090FF07
            • Part of subcall function 00911284: __EH_prolog3_GS.LIBCMT ref: 0091128B
            • Part of subcall function 00911284: GetSystemInfo.KERNELBASE ref: 00911328
          • __get_errno.LIBCMT ref: 009100AA
          • __get_errno.LIBCMT ref: 00910119
          • __get_errno.LIBCMT ref: 00910175
          • __get_errno.LIBCMT ref: 00910241
          Similarity
          • API ID: __get_errno$H_prolog3_$InfoSystem
          • String ID: W
          • API String ID: 3065088337-655174618
          • Opcode ID: 4fdb99e24d53a8a4635fbb868ebac1a82f18750dace313f986fec003a0f5f0fc
          • Instruction ID: e1d985eb6758fe0d3ed4be549869f6da4d02a97005105b1b86b54b069c5be24e
          • Opcode Fuzzy Hash: 4fdb99e24d53a8a4635fbb868ebac1a82f18750dace313f986fec003a0f5f0fc
          • Instruction Fuzzy Hash: 94D1B070E04219DFCF14DFA8D8446AEBBF4AF89310F248159E915AB3A1DB75AD81CF90
          APIs
          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,04BBB8A8,00000000), ref: 0090DD8F
          • GetComputerNameW.KERNEL32(?,?), ref: 0090DDF1
          Similarity
          • API ID: Name$ComputerFileModule
          • String ID: --- logging level: %s ---$=== Logging started: %S ===$Executable: %S v%d.%d.%d.%d$standard
          • API String ID: 2577110986-1073105773
          • Opcode ID: 27ecd4ae981da82a88f4bd7c425a847721e1a1e9b7007eebe9e39bf2e1beb9ab
          • Instruction ID: fd1442babfe10b0997b5e5d2f496f1bbbad01b890aca0ce743c576cfac3b97fa
          • Opcode Fuzzy Hash: 27ecd4ae981da82a88f4bd7c425a847721e1a1e9b7007eebe9e39bf2e1beb9ab
          • Instruction Fuzzy Hash: 863154F1A0222C9FDB209B64DC45BDBB7BC9B94704F0041A5BA49E31C2DA715EC5CFA4
          APIs
          • GetFileVersionInfoSizeW.KERNELBASE(?,?,00000208,00000000,?,?,?,?,?,0090DDC7,?), ref: 0090F1C0
          • GetLastError.KERNEL32(?,?,?,?,?,0090DDC7,?), ref: 0090F1CD
          • GlobalAlloc.KERNEL32(00000000,00000000,?,?,?,?,?,0090DDC7,?), ref: 0090F1EE
          Similarity
          • API ID: AllocErrorFileGlobalInfoLastSizeVersion
          • String ID:
          • API String ID: 959963648-0
          • Opcode ID: c31573b46f95c3656699b9cfb75537a00d8671b0e8c4644e800b203735fc2252
          • Instruction ID: 679441d7f23624cef71de5bcbcb42137971c449fd4611ce4f5106aeda2271991
          • Opcode Fuzzy Hash: c31573b46f95c3656699b9cfb75537a00d8671b0e8c4644e800b203735fc2252
          • Instruction Fuzzy Hash: 4531407AE0421ADFC721DFA9C8549AFB7B8EF84710B11412AED25E7250DB349E419BA0
          APIs
          • lstrlenA.KERNEL32(00000000,?,5/23/2024, 12:28:57,?), ref: 0090DEBF
          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000000), ref: 0090DEDF
          • WriteFile.KERNELBASE(00908628,00000002,00000000,00000000), ref: 0090DF0C
          • GetLastError.KERNEL32 ref: 0090DF16
          • GetLastError.KERNEL32 ref: 0090DF48
          Similarity
          • API ID: ErrorFileLastWrite$lstrlen
          • String ID: 5/23/2024, 12:28:57
          • API String ID: 3048800281-1739211019
          • Opcode ID: a3abff4efd71609e741e295ee6ffa4d7c213649f7fe5e3fffca27e4a2cbd11c0
          • Instruction ID: caf7870ff96fae1187665183333dae5d5e03525dad92aea461ae913878f15d76
          • Opcode Fuzzy Hash: a3abff4efd71609e741e295ee6ffa4d7c213649f7fe5e3fffca27e4a2cbd11c0
          • Instruction Fuzzy Hash: 6521B372E1521AAFD7109FE5DC44BAFB7B8EB84341F018165EE02E7190EB30DD00DAA0
          APIs
          • EnterCriticalSection.KERNEL32(0093A91C,00000000,00000000,0090A110), ref: 0090A6A4
          • LeaveCriticalSection.KERNEL32(0093A91C), ref: 0090A6B5
          • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 0090A6C9
          • WaitForSingleObject.KERNEL32(0000021C,000000FF), ref: 0090A6DB
          • DeleteCriticalSection.KERNEL32(0093A91C,00000000,00000000,0090A110), ref: 0090A6F6
          • CloseHandle.KERNEL32(0000021C,0090A110), ref: 0090A71D
          • CloseHandle.KERNEL32(00000218,0090A110), ref: 0090A72D
          Similarity
          • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveMessageObjectPostSingleWait
          • String ID:
          • API String ID: 2807184951-0
          • Opcode ID: 0d80cdacbecef74a7242c7e6448f13b3cc82ef4b0a716d0cd1c3e5d3b720a306
          • Instruction ID: 7dac01297a98bc3b6e0fab073f74796435865cc420096a82038ba7d89846b6e4
          • Opcode Fuzzy Hash: 0d80cdacbecef74a7242c7e6448f13b3cc82ef4b0a716d0cd1c3e5d3b720a306
          • Instruction Fuzzy Hash: 6F112A7062A310DFDB209B25EC88B273BBCABA47117064019F554E21B4C7388900FEA3
          APIs
          • GetProcessHeap.KERNEL32(00000008,00000038,?,00000000,?), ref: 0090BE8A
          • HeapAlloc.KERNEL32(00000000), ref: 0090BE91
          Similarity
          • API ID: Heap$AllocProcess
          • String ID:
          • API String ID: 1617791916-0
          • Opcode ID: 3f25ad9b171da53ab86240657e1a6985511bcc98d3e570b8b8ff6aa4c115c903
          • Instruction ID: 7ed47afa5925d765187d84204928eedb399a28f6db3069034c7da44ac450a5f0
          • Opcode Fuzzy Hash: 3f25ad9b171da53ab86240657e1a6985511bcc98d3e570b8b8ff6aa4c115c903
          • Instruction Fuzzy Hash: 54518171A0021A9FCB14DFA4C895B6EF7B4FF48711F118569EA15AB281DB74EC01CFA0
          APIs
          • __EH_prolog3.LIBCMT ref: 0090A38F
          • SendMessageW.USER32(00008001,00000000,000000FF,00000000), ref: 0090A42A
          • GetModuleHandleW.KERNEL32(00000000,00000004,0090A2B7,00000000,000000FF,?,0090D169,00000006,000000FF,?,?,00000000,000000FF,00000000,?), ref: 0090A45D
          Strings
          • Failed to add file name on to status prefix: %S, xrefs: 0090A3E6
          • %s..., xrefs: 0090A432
          Similarity
          • API ID: H_prolog3HandleMessageModuleSend
          • String ID: %s...$Failed to add file name on to status prefix: %S
          • API String ID: 1301287629-1181359081
          • Opcode ID: 76b4b616ce1aebe52ef843be32f24ae884216d2a11bf325e73c30cbcbfa85a78
          • Instruction ID: 3d7c248d8973cbe26baad8d15374a0198602f0796b0f7da75c09e1c280a50fcd
          • Opcode Fuzzy Hash: 76b4b616ce1aebe52ef843be32f24ae884216d2a11bf325e73c30cbcbfa85a78
          • Instruction Fuzzy Hash: 8D210132A15355DFCB24DB609C45B6FB369FB80720F154918F155A71E0CB78AC80EF96
          APIs
          • RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00000001,?,00000000), ref: 0090BB8A
          • RegQueryValueExW.KERNELBASE(?,release,00000000,00000000,?,00000004), ref: 0090BBA6
          • RegCloseKey.ADVAPI32(00000000), ref: 0090BBC6
          Strings
          • SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 0090BB80
          • release, xrefs: 0090BB9E
          Similarity
          • API ID: CloseOpenQueryValue
          • String ID: SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full$release
          • API String ID: 3677997916-4057153992
          • Opcode ID: 05624a562ace94e0d325a9a708659b9406a70b0a95eda3987039493ca588ddef
          • Instruction ID: 60416085c672d82e96962c77c93f88caebd74ab21af1ee584ae65589a0b78ae9
          • Opcode Fuzzy Hash: 05624a562ace94e0d325a9a708659b9406a70b0a95eda3987039493ca588ddef
          • Instruction Fuzzy Hash: 7E015EB0B4021DAFDB14DFA5DC95BEFBBFCEB04748F004579A915E2090E7745A04DA50
          APIs
          • GetFileAttributesW.KERNELBASE(00000000,00000001,00000000,04BCA4A0,?,0090B08A,00000000,00000080,?,00000000), ref: 0090EAA9
          • CreateDirectoryW.KERNELBASE(00000000,00000000,?,0090B08A,00000000,00000080,?,00000000), ref: 0090EABF
          • GetLastError.KERNEL32(?,0090B08A,00000000,00000080,?,00000000), ref: 0090EACD
          • CreateDirectoryW.KERNELBASE(00000000,00000000,0093A8D0,?,0090B08A,00000000,00000080,?,00000000), ref: 0090EB2B
          • GetLastError.KERNEL32(?,0090B08A,00000000,00000080,?,00000000), ref: 0090EB35
          Similarity
          • API ID: CreateDirectoryErrorLast$AttributesFile
          • String ID:
          • API String ID: 925696554-0
          • Opcode ID: 3121eafc2a68f3d53b2247827c3ec32257fb5deed1f94d6fbf1911e3c40f3601
          • Instruction ID: f88f3e30ad57ae82dd67ff8b1dcdb0b88086d44d68dea663cd82afcc9112f654
          • Opcode Fuzzy Hash: 3121eafc2a68f3d53b2247827c3ec32257fb5deed1f94d6fbf1911e3c40f3601
          • Instruction Fuzzy Hash: 9721F636B04331DFDB3156AA8C9177FB269AF84F60F250D25E906EB1D0DB68CC0166D4
          APIs
          • SendMessageW.USER32(00000401,00000000,00000000), ref: 0090A60F
          • SendMessageW.USER32(00000404,00000001,00000000), ref: 0090A623
          • DeleteCriticalSection.KERNEL32(0093A91C,0093A8D0,?,00000002,0090A067), ref: 0090A644
          • CloseHandle.KERNEL32(0000021C,0093A8D0,?,00000002,0090A067), ref: 0090A669
          • CloseHandle.KERNEL32(00000218,0093A8D0,?,00000002,0090A067), ref: 0090A679
          Similarity
          • API ID: CloseHandleMessageSend$CriticalDeleteSection
          • String ID:
          • API String ID: 2769186497-0
          • Opcode ID: 150506c49435efbb086e42a128999c1426b84d62c210594d212ea39984c5e8cb
          • Instruction ID: 94cea187b2587812f48129aee2804c8deb59d3ad6ce80437b6c7539fbc2f059c
          • Opcode Fuzzy Hash: 150506c49435efbb086e42a128999c1426b84d62c210594d212ea39984c5e8cb
          • Instruction Fuzzy Hash: A5F0F97132A300DFDB109F70ED89B2A3779ABA4716B060029E745E22F0C7768841FE56
          APIs
          • SendMessageW.USER32(00000404,00000001,00000000), ref: 0090A623
          • DeleteCriticalSection.KERNEL32(0093A91C,0093A8D0,?,00000002,0090A067), ref: 0090A644
          • CloseHandle.KERNEL32(0000021C,0093A8D0,?,00000002,0090A067), ref: 0090A669
          • CloseHandle.KERNEL32(00000218,0093A8D0,?,00000002,0090A067), ref: 0090A679
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CloseHandle$CriticalDeleteMessageSectionSend
          • String ID:
          • API String ID: 1512964421-0
          • Opcode ID: bee3b577734d392fe5a3eb3e5ceb2477930eec817aa5e71841bb650ce0d2b8b6
          • Instruction ID: c35cb6e7b08b877bdfce1e8c961e19a76b3b76b6930445cd93e0a066e6ec3960
          • Opcode Fuzzy Hash: bee3b577734d392fe5a3eb3e5ceb2477930eec817aa5e71841bb650ce0d2b8b6
          • Instruction Fuzzy Hash: 96F0627572A300CFDB149F74AD8C75A3778AB9071270A002AE945E22E5D739D805FF93
          APIs
          • __EH_prolog3_GS.LIBCMT ref: 0091B23F
            • Part of subcall function 0091475C: __EH_prolog3_GS.LIBCMT ref: 00914766
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: H_prolog3_
          • String ID: /
          • API String ID: 2427045233-2043925204
          • Opcode ID: 898a52833bbb4437c76dd35282a197709a6d5699be5cddd673308bfea878d00d
          • Instruction ID: 97ebc972baa52e6ea3fe21b34edfc5182539555bb61864da0476c2eb7979c266
          • Opcode Fuzzy Hash: 898a52833bbb4437c76dd35282a197709a6d5699be5cddd673308bfea878d00d
          • Instruction Fuzzy Hash: D3527D30A0021DDFDB15DF68C984BEDBBB5AF58300F148199E945AB292DB70AE85CF91
          APIs
          • SetFileAttributesW.KERNELBASE(?,00000080,00000000,000000FF,?,0090D169,00000006,000000FF,?,?,00000000,000000FF,00000000,?), ref: 0090A2CE
          Strings
          • User canceled extraction..., xrefs: 0090A34F
          • Unable ro register file for clean-up, xrefs: 0090A2E2
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: AttributesFile
          • String ID: Unable ro register file for clean-up$User canceled extraction...
          • API String ID: 3188754299-368570184
          • Opcode ID: 63e5938937be242697252cc24a748d4e8663afaca3154ff64e56806445ef018c
          • Instruction ID: 93cd3ee7f1434326beb062d57651b0dcb39d6cd499df31f95e8360a023c8737d
          • Opcode Fuzzy Hash: 63e5938937be242697252cc24a748d4e8663afaca3154ff64e56806445ef018c
          • Instruction Fuzzy Hash: 3921AD31918311DFCF16AF55E88631D3372EBA0720B20812AE44A5B2E0C735A880EFC7
          APIs
            • Part of subcall function 0090F358: CreateFileW.KERNELBASE(?,?,?,00000000,?,0090936C,00000000,00000000,?,04BBB8A8,04BBB8A8,?,0090DBE9,00000005,?,00000002), ref: 0090F386
          • GetLastError.KERNEL32(00000007,04BC9F88,00000003,08000080,04BC9F88,?,00000000,04BC9F88,04BC9F88,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88), ref: 0090BD33
          • GetProcessHeap.KERNEL32(00000008,00000014,00000007,04BC9F88,00000003,08000080,04BC9F88,?,00000000,04BC9F88,04BC9F88,?,00909CE2,00000000,00000000), ref: 0090BD56
          • HeapAlloc.KERNEL32(00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090BD5D
          • CloseHandle.KERNEL32(00000000,00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090BDAC
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$AllocCloseCreateErrorFileHandleLastProcess
          • String ID:
          • API String ID: 3300431839-0
          • Opcode ID: cc467f324b43961ef9b6be24eb496ef850eeeee6178da6f00077cd348b5f1e87
          • Instruction ID: fa280cf6472aaec534f6f9733aaa92b030f85235341a9baf9e40a31e15e2eeba
          • Opcode Fuzzy Hash: cc467f324b43961ef9b6be24eb496ef850eeeee6178da6f00077cd348b5f1e87
          • Instruction Fuzzy Hash: A011A3B3A04625AFD32117B85C59B5AF6999B80B70F254315FE25AB2D0EB749C0057E0
          APIs
          • __EH_prolog3_GS.LIBCMT ref: 0091C717
          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000020), ref: 0091C74C
          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000020), ref: 0091C799
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CriticalSection$EnterH_prolog3_Leave
          • String ID:
          • API String ID: 4216991881-0
          • Opcode ID: 80329ed4bd377c8fb783ef65e0e6ee873306e8f51da072a1920a0617b0e63ad2
          • Instruction ID: 3e5173a2804d7ed7973110ca23048e58fb5fc0859fcd0cc868482a425247ddb3
          • Opcode Fuzzy Hash: 80329ed4bd377c8fb783ef65e0e6ee873306e8f51da072a1920a0617b0e63ad2
          • Instruction Fuzzy Hash: D521E975A0060ADFCB08CF98C844AAEBBB5FF48320F208119E515A7350D731EE12CFA0
          APIs
          • CreateThread.KERNELBASE(?,?,Function_00033B10,00000000,?,?), ref: 00933CB5
          • GetLastError.KERNEL32(?,?,?,?,0091C8D8,00000000,00000000,Function_0001C830,?,00000000,?), ref: 00933CC1
          • __dosmaperr.LIBCMT ref: 00933CC8
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CreateErrorLastThread__dosmaperr
          • String ID:
          • API String ID: 2744730728-0
          • Opcode ID: 5484e08f1f371077439fdd599d30925002fb8ff7b9444a63a537b7cc577692f0
          • Instruction ID: 1a94463e5a552e9759d2fee317f43d83c07a580e8c048e45e5d506f08fddf414
          • Opcode Fuzzy Hash: 5484e08f1f371077439fdd599d30925002fb8ff7b9444a63a537b7cc577692f0
          • Instruction Fuzzy Hash: 50019E72544219EFDF159FA1DC06AAEBBA8EF40321F008058BC01A6150DB75CF50DFA0
          APIs
          • __EH_prolog3.LIBCMT ref: 00912A58
          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,?,0000000C,00912DE7,?,00000000,?,?), ref: 00912AA9
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00912ADA
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ByteCharException@8H_prolog3MultiThrowWide
          • String ID:
          • API String ID: 1825447756-0
          • Opcode ID: b19aebb64ad5287167173140d692b96e628283a2f3b6dbd0ad7b17db934488e8
          • Instruction ID: 7273eef31198025a391ff91f5838fbfde9b6ee6ce1600b04c97a09c0393ebec9
          • Opcode Fuzzy Hash: b19aebb64ad5287167173140d692b96e628283a2f3b6dbd0ad7b17db934488e8
          • Instruction Fuzzy Hash: 9011D671700606EBEB14EFA4C951B6EF7B6AFC8710F14841CF544AB291DBB1AD508B51
          APIs
            • Part of subcall function 009295EA: GetLastError.KERNEL32(00000000,00000000,00927C23,009299CE,?,009296DE,00000001,00000364,00000006,000000FF,00921992,CE3BFFFF,?,00923ABA,00927ABE,FF85FFFF), ref: 009295EE
            • Part of subcall function 009295EA: SetLastError.KERNEL32(00000000,?,00927ABE,?,?,?,?,?,00000000,00921992,?,-00000001,00000000,00000000,?,?), ref: 00929690
          • CloseHandle.KERNEL32(?,?,?,00933CFC,?,?,00933B6E,00000000), ref: 00933BF6
          • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00933CFC,?,?,00933B6E,00000000), ref: 00933C0C
          • ExitThread.KERNEL32 ref: 00933C15
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
          • String ID:
          • API String ID: 1991824761-0
          • Opcode ID: ae73380ced9d392af70eb73ebc0e51e7cf564ae5ea5128ddecf64e31921f6dd1
          • Instruction ID: 31a14501cc9f72946a53cb7159cabba08753d8b4dc342d2ff93999c059d36a50
          • Opcode Fuzzy Hash: ae73380ced9d392af70eb73ebc0e51e7cf564ae5ea5128ddecf64e31921f6dd1
          • Instruction Fuzzy Hash: F7F08C309446006BCB255B75DD09A2B7BACAF40320F08D610FDA9D30A1CB31EE81EE90
          APIs
          • __EH_prolog3_catch_GS.LIBCMT ref: 0091778A
            • Part of subcall function 00912634: __EH_prolog3.LIBCMT ref: 0091263B
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: H_prolog3H_prolog3_catch_
          • String ID: '
          • API String ID: 863784098-1997036262
          • Opcode ID: e7790d930f4d8da00f9952bbd6ff1aa0055da50341f5a463c0a89fe3040b25b5
          • Instruction ID: e78bf8e97c8b5fc3868a042abedb282b86f2e1b9132204939abc9ee79b469634
          • Opcode Fuzzy Hash: e7790d930f4d8da00f9952bbd6ff1aa0055da50341f5a463c0a89fe3040b25b5
          • Instruction Fuzzy Hash: 06523470A05259DFDB21DFA8C984BDDFBB1AF98300F1481D9E449AB292CB705E85DF50
          APIs
          • DialogBoxParamW.USER32(00000081,00000000,0090A7E0,00000000), ref: 0090A7B5
          Strings
          • Failed while running the progress dialog., xrefs: 0090A7C1
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: DialogParam
          • String ID: Failed while running the progress dialog.
          • API String ID: 665744214-2908255965
          • Opcode ID: 60d83256a116c39b172dd5b1311faac48901fb4f8a7b1efa43f085566907669b
          • Instruction ID: 2eb65ff6f20d3d51f75bb83aad408dcf351155699a7f3408c13eb78195277b3b
          • Opcode Fuzzy Hash: 60d83256a116c39b172dd5b1311faac48901fb4f8a7b1efa43f085566907669b
          • Instruction Fuzzy Hash: 84D0A732BDE7306EE12112047C03F4656105B60F64F114111F610B51E08ED1680195C9
          APIs
          • __EH_prolog3.LIBCMT ref: 00912BA8
            • Part of subcall function 00912BA1: __EH_prolog3_GS.LIBCMT ref: 00912AE7
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: H_prolog3H_prolog3_
          • String ID: _
          • API String ID: 3355343447-701932520
          • Opcode ID: 979874c2788e7fd7b8b0d6fb455a0da6b039a8419acf3bc82908619c5c5ea8a0
          • Instruction ID: 7fcf6f87229323d0e817df278be2a25ea05514da4fd6423cd0fc91f0628e2bd0
          • Opcode Fuzzy Hash: 979874c2788e7fd7b8b0d6fb455a0da6b039a8419acf3bc82908619c5c5ea8a0
          • Instruction Fuzzy Hash: BEC01271D502086AE728E7D48842BEF766C9B44711F400159B100B6141D6719A044BE1
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fadedaa435530d858041d5ed35e1a1d41122c9955946229ef2191223bc412d36
          • Instruction ID: 03034e55c213d1b652ca36b71d6db0fe2537d380f7d325f590ed87d1332458df
          • Opcode Fuzzy Hash: fadedaa435530d858041d5ed35e1a1d41122c9955946229ef2191223bc412d36
          • Instruction Fuzzy Hash: CB41A9B1E16209AFDB10CFE8CC80BAEB7B1AB48310F114129EA05F7390D775AD018FA5
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: __get_errno
          • String ID:
          • API String ID: 1825202071-0
          • Opcode ID: 5efa0247f5e096725eaa2624927a7ff47b6985501c455d8c3d2b017eb2d03007
          • Instruction ID: ee2e542e01012c2dd3bb63a4db366585e59aff5704e6b929e872de9bdeeff834
          • Opcode Fuzzy Hash: 5efa0247f5e096725eaa2624927a7ff47b6985501c455d8c3d2b017eb2d03007
          • Instruction Fuzzy Hash: CC3148B560060AAFEB14CF54D891B5ABBF8FF04325F108269E9059B690D775FD81CFA0
          APIs
          • SetFilePointer.KERNELBASE(?,?,00000000,?), ref: 0090D941
          • GetLastError.KERNEL32 ref: 0090D952
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileLastPointer
          • String ID:
          • API String ID: 2976181284-0
          • Opcode ID: eb271b7e16ea3064cfafc375579cea62368acb98eb3c86d6b10904b15e333fce
          • Instruction ID: c73969bc22896df3cf17a28a3256b51dd640b1535b1ae7531606e6d28237cab2
          • Opcode Fuzzy Hash: eb271b7e16ea3064cfafc375579cea62368acb98eb3c86d6b10904b15e333fce
          • Instruction Fuzzy Hash: E211E5366032259FC714CF99DC80A2677AAFFC57647264219ED65AB390D730EC02DBA0
          APIs
          • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0090D781
          • GetLastError.KERNEL32 ref: 0090D790
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CreateErrorFileLast
          • String ID:
          • API String ID: 1214770103-0
          • Opcode ID: 49a7db261664712e0ca4dcae603cc6c331b618a031744f4c78ed6425a97efa9d
          • Instruction ID: 203e7b457426f383d86bc6a5d61105320c179aa1d690b093566e0948b88c2045
          • Opcode Fuzzy Hash: 49a7db261664712e0ca4dcae603cc6c331b618a031744f4c78ed6425a97efa9d
          • Instruction Fuzzy Hash: C8019276616224EFD7208B9AEC84F127BA9EB847B4F164215FE44AB290C720DC01DAE0
          APIs
          • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0090D89B
          • GetLastError.KERNEL32 ref: 0090D8A5
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileLastWrite
          • String ID:
          • API String ID: 442123175-0
          • Opcode ID: b2c5720f107632bb2372428b405705d703d8fee36d90d66687a60f8a02fe61ef
          • Instruction ID: 8595a017f56e46a232f5a691fa15554fddf17cf4584c96c6d48cf102b818b33f
          • Opcode Fuzzy Hash: b2c5720f107632bb2372428b405705d703d8fee36d90d66687a60f8a02fe61ef
          • Instruction Fuzzy Hash: FF016D71E16229EFCB10DFA5D844A9BBFA8FF047A0B028219FC15E7290D7309D009BA4
          APIs
          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0090D81B
          • GetLastError.KERNEL32 ref: 0090D825
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileLastRead
          • String ID:
          • API String ID: 1948546556-0
          • Opcode ID: 1464da91bb9b606575f2e90cc69654331e82ff842ea7bb4b26bc5d8f9dbe4cd7
          • Instruction ID: cf72980f516759b27b286e687b0010886ce6c3d0af6d61f09aa19161bdcca980
          • Opcode Fuzzy Hash: 1464da91bb9b606575f2e90cc69654331e82ff842ea7bb4b26bc5d8f9dbe4cd7
          • Instruction Fuzzy Hash: CD014F71D16229AF87108FA5D844A9BBFA8FF44760B018259FC15E7250D7309900DAA4
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 009335AA
            • Part of subcall function 00920817: RaiseException.KERNEL32(?,?,?,009335CC,?,00000000,?,?,?,?,?,?,009335CC,?,00938524), ref: 00920877
          • __CxxThrowException@8.LIBVCRUNTIME ref: 009335C7
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Exception@8Throw$ExceptionRaise
          • String ID:
          • API String ID: 3476068407-0
          • Opcode ID: 8c8cba8aaf50759416e01a1bbda7d17a3f637c3612aaa49ab01b3911db1494fa
          • Instruction ID: 558b379a07ce3b3ec357e0e9f519a7aed1e76349bbfb1a9fdc99d98ba7772dcd
          • Opcode Fuzzy Hash: 8c8cba8aaf50759416e01a1bbda7d17a3f637c3612aaa49ab01b3911db1494fa
          • Instruction Fuzzy Hash: 7EF0B43484430DB6CB14B6B4F80AA9E776C9E80710F10C920FA28968E2EF75EB198DD1
          APIs
          • GetLastError.KERNEL32(00938560,0000000C), ref: 00933B23
          • ExitThread.KERNEL32 ref: 00933B2A
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorExitLastThread
          • String ID:
          • API String ID: 1611280651-0
          • Opcode ID: cca4cac4d497e19a7ed2cc2f157e246e1de32fdfa1632b98bd95c2f523e20653
          • Instruction ID: 71f79d3d27307d21f2da5b64bf69636866b9c376b488b5bd4baa65714a2af7ff
          • Opcode Fuzzy Hash: cca4cac4d497e19a7ed2cc2f157e246e1de32fdfa1632b98bd95c2f523e20653
          • Instruction Fuzzy Hash: F9F0C2B1950214DFDB05BBB0E80AB6E7B79FF80311F108649F512972A1DB755941DFA0
          APIs
          • SetCurrentDirectoryW.KERNELBASE(00000000,00000000,04BCA4A0), ref: 0090EEEE
          • GetLastError.KERNEL32 ref: 0090EEF8
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CurrentDirectoryErrorLast
          • String ID:
          • API String ID: 152501406-0
          • Opcode ID: e449ed8117273cf25c1cdb27f69cd035617e04ea650c6e21eee0cca889e0eb51
          • Instruction ID: fa077179f23aeeb7ee49ea16fcdd8f51d2e929832816bb11602502894e42ae26
          • Opcode Fuzzy Hash: e449ed8117273cf25c1cdb27f69cd035617e04ea650c6e21eee0cca889e0eb51
          • Instruction Fuzzy Hash: 65F0A732D1123ADBDB219BA599053DEB67CDF40755F0101A4EE01B7190DB349E009AE0
          APIs
          • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,04BC9F88,04BC9F88,?,00909380), ref: 0090F2A1
          • GetLastError.KERNEL32(?,00909380,?), ref: 0090F2AB
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileLastPointer
          • String ID:
          • API String ID: 2976181284-0
          • Opcode ID: 2a4635e515aabe1874ee3647ab9b5af0e5a7da901dd54a70130eb3660a8b0516
          • Instruction ID: 1040522bedd351966ef7870cfe44e235d1bf5cd2549e773f1de25b44647497b9
          • Opcode Fuzzy Hash: 2a4635e515aabe1874ee3647ab9b5af0e5a7da901dd54a70130eb3660a8b0516
          • Instruction Fuzzy Hash: DAF06576A1412CAFC710AFB99C45AEFBBA8EF05750B004129FD01E3150D631DA409BE0
          APIs
          • RtlFreeHeap.NTDLL(00000000,00000000,?,0092BC86,009237A6,00000000,009237A6,?,0092BCAB,009237A6,00000007,009237A6,?,0092C093,009237A6,009237A6), ref: 00927C6C
          • GetLastError.KERNEL32(009237A6,?,0092BC86,009237A6,00000000,009237A6,?,0092BCAB,009237A6,00000007,009237A6,?,0092C093,009237A6,009237A6), ref: 00927C77
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFreeHeapLast
          • String ID:
          • API String ID: 485612231-0
          • Opcode ID: 35f2add7c955b542d1064a2c6d060ec812154f8e261ffbb1fef5738a4d32524b
          • Instruction ID: fb3051ebf3598036a74d2ac15d0ce4c42ceb4bcf6a8815d3e7d0b76213307009
          • Opcode Fuzzy Hash: 35f2add7c955b542d1064a2c6d060ec812154f8e261ffbb1fef5738a4d32524b
          • Instruction Fuzzy Hash: D3E08672508228ABCB112BF0BE09B45BB599B40351F140020F608E6164C77488509BD1
          APIs
          • FindCloseChangeNotification.KERNELBASE(?,?,0091AE9F,43B9978B,?,00000000,00935517,000000FF,?,0000000C,009385A0,?,?,?,?,0091BA1C), ref: 0091C9A8
          • GetLastError.KERNEL32(?,?,0091AE9F,43B9978B,?,00000000,00935517,000000FF,?,0000000C,009385A0,?,?,?,?,0091BA1C), ref: 0091C9B2
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ChangeCloseErrorFindLastNotification
          • String ID:
          • API String ID: 1687624791-0
          • Opcode ID: eb50a7db60041d2aed6f84df2a0f3c1879785d687177b7ff2bdc2da66115a62a
          • Instruction ID: bb57e3a6bb323a779bd17d6f22d1fcfccc981d07d96d5ef58dd0c471a2727e67
          • Opcode Fuzzy Hash: eb50a7db60041d2aed6f84df2a0f3c1879785d687177b7ff2bdc2da66115a62a
          • Instruction Fuzzy Hash: EAD05232328122CBEB741F39B8087EA73E8AB00722F10042AE4A0C0068EB6188C18A80
          APIs
          • GetProcessHeap.KERNEL32(00000000,?), ref: 0090D738
          • RtlFreeHeap.NTDLL(00000000), ref: 0090D73F
          Similarity
          • API ID: Heap$FreeProcess
          • String ID:
          • API String ID: 3859560861-0
          APIs
          • GetProcessHeap.KERNEL32(00000000,?), ref: 0090D718
          • RtlAllocateHeap.NTDLL(00000000), ref: 0090D71F
          Similarity
          • API ID: Heap$AllocateProcess
          • String ID:
          • API String ID: 1357844191-0
          APIs
          • __EH_prolog3_GS.LIBCMT ref: 00915AF3
            • Part of subcall function 009123AD: __EH_prolog3.LIBCMT ref: 009123B4
            • Part of subcall function 009125F8: __EH_prolog3.LIBCMT ref: 009125FF
            • Part of subcall function 00912634: __EH_prolog3.LIBCMT ref: 0091263B
            • Part of subcall function 0091B14E: __EH_prolog3.LIBCMT ref: 0091B155
            • Part of subcall function 009334E6: __CxxThrowException@8.LIBVCRUNTIME ref: 009335AA
            • Part of subcall function 009334E6: __CxxThrowException@8.LIBVCRUNTIME ref: 009335C7
            • Part of subcall function 0091B235: __EH_prolog3_GS.LIBCMT ref: 0091B23F
          Similarity
          • API ID: H_prolog3$Exception@8H_prolog3_Throw
          • String ID:
          • API String ID: 605474211-0
          APIs
            • Part of subcall function 0090A604: SendMessageW.USER32(00000401,00000000,00000000), ref: 0090A60F
            • Part of subcall function 0090A604: SendMessageW.USER32(00000404,00000001,00000000), ref: 0090A623
            • Part of subcall function 0090A604: DeleteCriticalSection.KERNEL32(0093A91C,0093A8D0,?,00000002,0090A067), ref: 0090A644
            • Part of subcall function 0090A604: CloseHandle.KERNEL32(0000021C,0093A8D0,?,00000002,0090A067), ref: 0090A669
            • Part of subcall function 0090A604: CloseHandle.KERNEL32(00000218,0093A8D0,?,00000002,0090A067), ref: 0090A679
          • SetEvent.KERNEL32 ref: 0090A876
          Similarity
          • API ID: CloseHandleMessageSend$CriticalDeleteEventSection
          • String ID:
          • API String ID: 664628047-0
          APIs
          Similarity
          • API ID: H_prolog3_
          • String ID:
          • API String ID: 2427045233-0
          APIs
          Similarity
          • API ID: H_prolog3_
          • String ID:
          • API String ID: 2427045233-0
          APIs
            • Part of subcall function 0091CF94: __EH_prolog3.LIBCMT ref: 0091CF9B
          • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 0091D25F
          Similarity
          • API ID: H_prolog3ObjectSingleWait
          • String ID:
          • API String ID: 2100491740-0
          APIs
          • __EH_prolog3_catch_GS.LIBCMT ref: 00911EF7
            • Part of subcall function 00912634: __EH_prolog3.LIBCMT ref: 0091263B
          Similarity
          • API ID: H_prolog3H_prolog3_catch_
          • String ID:
          • API String ID: 863784098-0
          APIs
          Similarity
          • API ID: H_prolog3_
          • String ID:
          • API String ID: 2427045233-0
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 009133BB
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          APIs
          Similarity
          • API ID: __get_errno
          • String ID:
          • API String ID: 1825202071-0
          APIs
          Similarity
          • API ID: __get_errno
          • String ID:
          • API String ID: 1825202071-0
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00914326
            • Part of subcall function 00920817: RaiseException.KERNEL32(?,?,?,009335CC,?,00000000,?,?,?,?,?,?,009335CC,?,00938524), ref: 00920877
          Similarity
          • API ID: ExceptionException@8RaiseThrow
          • String ID:
          • API String ID: 3976011213-0
          APIs
          Similarity
          • API ID: __get_errno
          • String ID:
          • API String ID: 1825202071-0
          APIs
          • __CxxThrowException@8.LIBVCRUNTIME ref: 00912C45
          Similarity
          • API ID: Exception@8Throw
          • String ID:
          • API String ID: 2005118841-0
          APIs
          Similarity
          • API ID: __get_errno
          • String ID:
          • API String ID: 1825202071-0
          APIs
          • RtlAllocateHeap.NTDLL(00000008,00000000,CE3BFFFF,?,009296DE,00000001,00000364,00000006,000000FF,00921992,CE3BFFFF,?,00923ABA,00927ABE,FF85FFFF,CE3BFFFF), ref: 009299BD
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          APIs
          • CreateFileW.KERNELBASE(?,?,?,00000000,?,0090936C,00000000,00000000,?,04BBB8A8,04BBB8A8,?,0090DBE9,00000005,?,00000002), ref: 0090F386
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          APIs
          • RtlAllocateHeap.NTDLL(00000000,0092B012,?,?,0092B012,00000220,?,00000000,?), ref: 00927CC2
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          APIs
          Similarity
          • API ID: H_prolog3
          • String ID:
          • API String ID: 431132790-0
          APIs
          • __EH_prolog3_catch.LIBCMT ref: 009137E7
            • Part of subcall function 0091341F: __EH_prolog3_GS.LIBCMT ref: 00913426
          Similarity
          • API ID: H_prolog3_H_prolog3_catch
          • String ID:
          • API String ID: 3862090230-0
          APIs
          • SendMessageW.USER32(00000405,00000000,00000000,0090A08B), ref: 0090A75D
          Similarity
          • API ID: MessageSend
          • String ID:
          • API String ID: 3850602802-0
          APIs
            • Part of subcall function 00933BC5: CloseHandle.KERNEL32(?,?,?,00933CFC,?,?,00933B6E,00000000), ref: 00933BF6
            • Part of subcall function 00933BC5: FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00933CFC,?,?,00933B6E,00000000), ref: 00933C0C
            • Part of subcall function 00933BC5: ExitThread.KERNEL32 ref: 00933C15
          • __Init_thread_abort.LIBCMT ref: 00933D02
            • Part of subcall function 0091DAFC: EnterCriticalSection.KERNEL32(00939D40,?,?,00933D07,0093AA00,?,?,00933B6E,00000000), ref: 0091DB06
            • Part of subcall function 0091DAFC: LeaveCriticalSection.KERNEL32(00939D40,?,?,00933D07,0093AA00,?,?,00933B6E,00000000), ref: 0091DB13
          Similarity
          • API ID: CriticalExitSectionThread$CloseEnterFreeHandleInit_thread_abortLeaveLibrary
          • String ID:
          • API String ID: 1105204682-0
          APIs
          • __EH_prolog3_catch.LIBCMT ref: 00916EDC
            • Part of subcall function 00916ED5: __EH_prolog3_GS.LIBCMT ref: 009169A6
          Similarity
          • API ID: H_prolog3_H_prolog3_catch
          • String ID:
          • API String ID: 3862090230-0
          APIs
          • lstrlenW.KERNEL32(0090A0E2,00000000,00000000,000000FF,00000000,?), ref: 0090C5CA
            • Part of subcall function 0090E635: GetProcessHeap.KERNEL32(00000000,00000000,00000000,0090DD32,?,00000000,?,?,0090A7CC,00000000,Failed while running the progress dialog.), ref: 0090E63A
            • Part of subcall function 0090E635: HeapFree.KERNEL32(00000000,?,00000000,?,?,0090A7CC,00000000,Failed while running the progress dialog.), ref: 0090E641
          Similarity
          • API ID: Heap$FreeProcesslstrlen
          • String ID:
          • API String ID: 4184603421-0
          APIs
            • Part of subcall function 0091C7F5: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,0091C897), ref: 0091C807
            • Part of subcall function 0091C7F5: GetLastError.KERNEL32(?,?,0091C897), ref: 0091C813
            • Part of subcall function 0091C7DA: ResetEvent.KERNEL32(?,0091C8B0), ref: 0091C7DC
            • Part of subcall function 0091C7DA: GetLastError.KERNEL32 ref: 0091C7E9
          • GetLastError.KERNEL32 ref: 0091C8E2
          Similarity
          • API ID: ErrorLast$Event$CreateReset
          • String ID:
          • API String ID: 4135631499-0
          APIs
            • Part of subcall function 0090F358: CreateFileW.KERNELBASE(?,?,?,00000000,?,0090936C,00000000,00000000,?,04BBB8A8,04BBB8A8,?,0090DBE9,00000005,?,00000002), ref: 0090F386
          • GetLastError.KERNEL32(00000005,?,00000002,00000080,?,00000000,00000000,0090936C), ref: 0090DBF3
          Similarity
          • API ID: CreateErrorFileLast
          • String ID:
          • API String ID: 1214770103-0
          APIs
          • GetFileAttributesW.KERNEL32(?,00000000,00000000,0093A8D0), ref: 0090EBB9
          • GetLastError.KERNEL32 ref: 0090EBCA
          • SetFileAttributesW.KERNEL32(?,00000080), ref: 0090EBFE
          • GetLastError.KERNEL32 ref: 0090EC08
          • FindFirstFileW.KERNEL32(?,?,00000000,00000000), ref: 0090EC67
          • GetLastError.KERNEL32 ref: 0090EC78
          • SetFileAttributesW.KERNEL32(?,00000080,00000000,00000000), ref: 0090ED4A
          • GetLastError.KERNEL32 ref: 0090ED54
          • DeleteFileW.KERNEL32(?,00000000,00000000), ref: 0090ED6D
          • GetLastError.KERNEL32 ref: 0090ED77
          • FindNextFileW.KERNEL32(000000FF,00000007), ref: 0090ED9C
          • GetLastError.KERNEL32 ref: 0090EDAD
          • FindClose.KERNEL32(000000FF), ref: 0090EDED
          • RemoveDirectoryW.KERNEL32(?), ref: 0090EE03
          • GetLastError.KERNEL32 ref: 0090EE0D
          Strings
          Similarity
          • API ID: ErrorLast$File$AttributesFind$CloseDeleteDirectoryFirstNextRemove
          • String ID: \*.*
          • API String ID: 2447602905-1173974218
          APIs
          • BCryptOpenAlgorithmProvider.BCRYPT(?,SHA256,00000000,00000000,00000003,?,?,?,00000000,000000FF,00000000,?,?,0090A0B1), ref: 0090C201
          • BCryptCreateHash.BCRYPT(?,?,00000000,00000000,00000000,00000000,00000000,?,0090A0B1), ref: 0090C221
          • ReadFile.KERNEL32(?,?,?,?,00000000,00000004,?,00000000,00000000,00000000,?,?,?,?,0090A0B1), ref: 0090C2B5
          • BCryptHashData.BCRYPT(?,?,?,00000000,?,?,?,?,00000000,00000004,?,00000000,00000000,00000000,?,?), ref: 0090C2D7
          • BCryptFinishHash.BCRYPT(?,00000000,00000020,00000000,00000004,?,?,?,00000000,?,?,?,?,00000000,00000004,?), ref: 0090C353
          • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00000000,00000004,?,00000000,00000000,00000000,?,?), ref: 0090C39A
          • HeapFree.KERNEL32(00000000,?,?,?,?,00000000,00000004,?,00000000,00000000,00000000,?,?,?,?,0090A0B1), ref: 0090C3A1
          • GetLastError.KERNEL32(?,?,?,?,00000000,00000004,?,00000000,00000000,00000000,?,?,?,?,0090A0B1), ref: 0090C3B2
          • BCryptDestroyHash.BCRYPT(?,00000003,?,?,?,00000000,000000FF,00000000,?,?,0090A0B1), ref: 0090C3C6
          • BCryptCloseAlgorithmProvider.BCRYPT(?,00000000,00000003,?,?,?,00000000,000000FF,00000000,?,?,0090A0B1), ref: 0090C3E5
          Strings
          Similarity
          • API ID: Crypt$Hash$AlgorithmHeapProvider$CloseCreateDataDestroyErrorFileFinishFreeLastOpenProcessRead
          • String ID: SHA256
          • API String ID: 2324294628-983011835
          APIs
          • GetVersionExW.KERNEL32(00000114), ref: 0090D9F3
          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 0090DA68
          • GetProcAddress.KERNEL32(00000000), ref: 0090DA6F
          • GetCurrentProcess.KERNEL32(?), ref: 0090DA82
          • IsWow64Process.KERNEL32 ref: 0090DA97
          • GetLastError.KERNEL32 ref: 0090DA9D
          Strings
          Similarity
          • API ID: Process$AddressCurrentErrorHandleLastModuleProcVersionWow64
          • String ID: IsWow64Process$kernel32
          • API String ID: 4106997780-3789238822
          APIs
          • FindFirstFileW.KERNEL32(?,?,00000000,00000000,?,000000ED,00000000), ref: 0090CB77
          • GetLastError.KERNEL32 ref: 0090CB84
            • Part of subcall function 0090E06D: lstrlenW.KERNEL32(?,00000001,0093A8D0,00000000,0093A8D4,?,0090AD45,00000000,?,?,00000000), ref: 0090E0A3
          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0090CC3C
          • CloseHandle.KERNEL32(000000FF), ref: 0090CC95
          • FindClose.KERNEL32(00000000), ref: 0090CCA1
          Strings
          Similarity
          • API ID: Find$CloseFile$ErrorFirstHandleLastNextlstrlen
          • String ID: *.*
          • API String ID: 900852546-438819550
          APIs
          Strings
          Similarity
          • API ID: __floor_pentium4
          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
          • API String ID: 4168288129-2761157908
          APIs
          Similarity
          • API ID: _strrchr
          • String ID:
          • API String ID: 3213747228-0
          APIs
          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00927A39
          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00927A43
          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00927A50
          Similarity
          • API ID: ExceptionFilterUnhandled$DebuggerPresent
          • String ID:
          • API String ID: 3906539128-0
          APIs
          • FormatMessageW.KERNEL32(000019FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0090E5B4
          • GetLastError.KERNEL32 ref: 0090E5C1
          • LocalFree.KERNEL32(00000000,00000000), ref: 0090E5F5
          Similarity
          • API ID: ErrorFormatFreeLastLocalMessage
          • String ID:
          • API String ID: 1365068426-0
          APIs
          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009328DB,?,?,00000008,?,?,009324E5,00000000), ref: 00932B0D
          Similarity
          • API ID: ExceptionRaise
          • String ID:
          • API String ID: 3997070919-0
          Strings
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          Strings
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          Strings
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          APIs
          • SetUnhandledExceptionFilter.KERNEL32(Function_0001E410,0091DE45), ref: 0091E3FB
          Similarity
          • API ID: ExceptionFilterUnhandled
          • String ID:
          • API String ID: 3192549508-0
          APIs
          • GetCommandLineW.KERNEL32(?,00000000,?,?,?,?,?,?,0090928C), ref: 0090A9FA
          • CommandLineToArgvW.SHELL32(00000000,?,?,00000000,?,?,?,?,?,?,0090928C), ref: 0090AA08
          • GetLastError.KERNEL32(?,00000000,?,?,?,?,?,?,0090928C), ref: 0090AA14
          • lstrlenW.KERNEL32(00000000,00000000,?,00000000), ref: 0090AA5B
          • lstrlenW.KERNEL32(00000000,?,00000000), ref: 0090AA84
          • CompareStringW.KERNEL32(0000007F,00000001,-00000004,00000005,quiet,000000FF,?,00000000), ref: 0090AAA3
          • lstrlenW.KERNEL32(?,?,00000000), ref: 0090AB3D
          • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000002,00907AB8,000000FF,?,?,00000000), ref: 0090AB5C
          • LocalFree.KERNEL32(00000000,00000000,?,00000000), ref: 0090AF6E
          Strings
          • extract, xrefs: 0090AD97
          • RemoveOldDirectoryOnExtraction flag must be set if /extractExecuteLocal is set., xrefs: 0090AEFE
          • noCleanUp, xrefs: 0090AAFF
          • Failed to set program args, xrefs: 0090ACFE
          • \out, xrefs: 0090AC74
          • quiet, xrefs: 0090AA94
          • Failed to allocate box path, xrefs: 0090AB80
          • programArgs:, xrefs: 0090ACCE
          • skip, xrefs: 0090AE6E
          • layout, xrefs: 0090AACC
          • Cannot specify /extractExecuteLocal in extraction only mode., xrefs: 0090AEEE
          • Failed to allocate log, xrefs: 0090AED6
          • Failed to get command line., xrefs: 0090AA25
          • Please specify either /extract:<path> or /extractExecuteLocal, but not both., xrefs: 0090AEA6
          • Failed to ensure path is backslash terminated., xrefs: 0090AEB8
          • Failed to get current directory, xrefs: 0090AECC
          • extract:, xrefs: 0090ABE2
          • Failed to set out directory, xrefs: 0090AEC2
          • extractExecuteLocal, xrefs: 0090AC40
          • Failed to allocate extract directory, xrefs: 0090AC1F
          • Failed to get path to executable., xrefs: 0090AF16
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: lstrlen$CommandCompareLineString$ArgvErrorFreeLastLocal
          • String ID: Cannot specify /extractExecuteLocal in extraction only mode.$Failed to allocate box path$Failed to allocate extract directory$Failed to allocate log$Failed to ensure path is backslash terminated.$Failed to get command line.$Failed to get current directory$Failed to get path to executable.$Failed to set out directory$Failed to set program args$Please specify either /extract:<path> or /extractExecuteLocal, but not both.$RemoveOldDirectoryOnExtraction flag must be set if /extractExecuteLocal is set.$\out$extract$extract:$extractExecuteLocal$layout$noCleanUp$programArgs:$quiet$skip
          • API String ID: 1367011218-2810344058
          • Opcode ID: 729f6f82b40b556fca448b7bc8ab7e7c9c6c048b83b0d547eeb0526265f44f2b
          • Instruction ID: f0af471c98063ddf481183f8accb0cfd092cd3325b5d0e1693bfd9707a999c01
          • Opcode Fuzzy Hash: 729f6f82b40b556fca448b7bc8ab7e7c9c6c048b83b0d547eeb0526265f44f2b
          • Instruction Fuzzy Hash: C6F1C471E58316AFDB309F94CC86F2A77A6EB10721F204625F521EA2D5D770EC40CBA2
          APIs
          • GetDlgItem.USER32(?,000003F0), ref: 0090B37C
          • GetLastError.KERNEL32 ref: 0090B389
          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0090B3BE
          • GetLastError.KERNEL32 ref: 0090B3C8
            • Part of subcall function 0090DFDF: GetProcessHeap.KERNEL32(00000000,?,00000040,00000040,00000000,0090EA39,?,00000000,0093A91C,00900000,00900000,?,0090A98A,?,?,?), ref: 0090DFF7
            • Part of subcall function 0090DFDF: HeapReAlloc.KERNEL32(00000000,?,0090A98A,?,?,?,?,0090A886), ref: 0090DFFE
          • SendMessageW.USER32(?,0000000D,?,?), ref: 0090B40A
          • GetLastError.KERNEL32 ref: 0090B414
          • GetWindowLongW.USER32(?,000000EB), ref: 0090B446
          • EndDialog.USER32(?,00000000), ref: 0090B453
          • GetDlgItem.USER32(?,000003F0), ref: 0090B464
          • GetLastError.KERNEL32 ref: 0090B46E
          • EndDialog.USER32(?,80070642), ref: 0090B4C9
          Strings
          • Failed to get the directory control., xrefs: 0090B474
          • Failed to get text from the directory control, xrefs: 0090B41A
          • Failed to get the directory control, xrefs: 0090B342, 0090B38F
          • Failed to get the label control, xrefs: 0090B296
          • Failed to get the text of the label, xrefs: 0090B2D3
          • Failed to allocate memory for the directory control value, xrefs: 0090B3E9
          • Failed to get text length from the directory control, xrefs: 0090B3CE
          • Failed to allocate memory for the directory value, xrefs: 0090B24B
          • Call to the SHGetPathFromIDListW failed, xrefs: 0090B320
          • Failed to allocate memory for the title, xrefs: 0090B268
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLast$DialogHeapItemMessageSend$AllocLongProcessWindow
          • String ID: Call to the SHGetPathFromIDListW failed$Failed to allocate memory for the directory control value$Failed to allocate memory for the directory value$Failed to allocate memory for the title$Failed to get text from the directory control$Failed to get text length from the directory control$Failed to get the directory control$Failed to get the directory control.$Failed to get the label control$Failed to get the text of the label
          • API String ID: 2395276739-745645607
          • Opcode ID: 3bf4463f2a2e838a20216260329d4443878200bf8c9770848a9879d775a5e1c7
          • Instruction ID: 273c6237ff00c319485380cb17df461d8c0d771ab7fc538f8261a42395fbb24e
          • Opcode Fuzzy Hash: 3bf4463f2a2e838a20216260329d4443878200bf8c9770848a9879d775a5e1c7
          • Instruction Fuzzy Hash: 9981C232E55219EFDB109FB4DC49BAFBBA9EF48710F114125FA12F62E0DB749D009A60
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: _strstr
          • String ID: -x64.cab$-x86.cab$.msi$.mzz$Windows10.0-KB$Windows8-RT-KB$Windows8.1-KB
          • API String ID: 2882301372-1128917784
          • Opcode ID: 4e4ef3a8df5871a9b7df59805b558db3d47fd239fa65ac8e82144cccd485a46a
          • Instruction ID: d077c94a51db57874bced562fc92be371bb5b0dd8b41a18d8c3ee0911c4ee3fb
          • Opcode Fuzzy Hash: 4e4ef3a8df5871a9b7df59805b558db3d47fd239fa65ac8e82144cccd485a46a
          • Instruction Fuzzy Hash: A921813575A6019FD6256B9DEC42D27B3FCBB82BA1716006AF0809B4E1DF24DC41DE29
          APIs
            • Part of subcall function 0090DC5D: GetLocalTime.KERNEL32(?,00000000,?), ref: 0090DC76
            • Part of subcall function 0090EA89: GetFileAttributesW.KERNELBASE(00000000,00000001,00000000,04BCA4A0,?,0090B08A,00000000,00000080,?,00000000), ref: 0090EAA9
            • Part of subcall function 0090EA89: CreateDirectoryW.KERNELBASE(00000000,00000000,?,0090B08A,00000000,00000080,?,00000000), ref: 0090EABF
            • Part of subcall function 0090EA89: GetLastError.KERNEL32(?,0090B08A,00000000,00000080,?,00000000), ref: 0090EACD
            • Part of subcall function 0090F358: CreateFileW.KERNELBASE(?,?,?,00000000,?,0090936C,00000000,00000000,?,04BBB8A8,04BBB8A8,?,0090DBE9,00000005,?,00000002), ref: 0090F386
          • GetLastError.KERNEL32(00000005,?,00000002,08000080,?,00000006,000000FF,?,?,00000000,000000FF,00000000,?), ref: 0090D1CB
          • SetEndOfFile.KERNEL32(?,?,?,?,00000005,?,00000002,08000080,?,00000006,000000FF,?,?,00000000,000000FF,00000000), ref: 0090D240
          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00000005,?,00000002,08000080,?,00000006,000000FF,?,?,00000000,000000FF), ref: 0090D254
          • ReadFile.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,00000005,?,00000002,08000080,?,00000006,000000FF), ref: 0090D2D7
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: File$CreateErrorLast$AttributesDirectoryLocalPointerReadTime
          • String ID: Extracting file: %ws
          • API String ID: 4273649226-1933252023
          • Opcode ID: 16cc0c8c77773d15fc8cd9eba9467420559422b9b97db7dbc192b1870677c403
          • Instruction ID: 670cfe17f279dce92188663f91de7803f8c51fe132fe2a0201006e0f571c8c10
          • Opcode Fuzzy Hash: 16cc0c8c77773d15fc8cd9eba9467420559422b9b97db7dbc192b1870677c403
          • Instruction Fuzzy Hash: 1C818171E012299FDB369B68CC45FADB7B5AB48714F110294F959AB2D0D6B0DEC08F90
          APIs
          • _ValidateLocalCookies.LIBCMT ref: 0091EF0B
          • ___except_validate_context_record.LIBVCRUNTIME ref: 0091EF13
          • _ValidateLocalCookies.LIBCMT ref: 0091EFA1
          • __IsNonwritableInCurrentImage.LIBCMT ref: 0091EFCC
          • _ValidateLocalCookies.LIBCMT ref: 0091F021
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
          • String ID: csm
          • API String ID: 1170836740-1018135373
          • Opcode ID: c695f9f765a1f271a53f538c049cb6017d3ab30c4e600554d68f6437d7980efd
          • Instruction ID: 7fa5be81a1ba5b27863320aaeef2e24c699b608af2403867ba57bd4b37fefe54
          • Opcode Fuzzy Hash: c695f9f765a1f271a53f538c049cb6017d3ab30c4e600554d68f6437d7980efd
          • Instruction Fuzzy Hash: 6341A334B0021C9BCF10DF68D884ADEBBB9BF85324F148555EC159B392D771DA86CB90
          APIs
          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,6E4C3B80,00000000,6E4C4150,0090C60B,0090C60B,?,0090CFE3,?), ref: 0090E113
          • GetLastError.KERNEL32(?,0090CFE3,?,?,0090A0E2,00000000,00000000,?,?,?,?,0090C60B,?,0090A0E2,00000001,00000001), ref: 0090E120
            • Part of subcall function 0090EA0B: GetProcessHeap.KERNEL32(00000000,00000000,0090E47D,?,00000000), ref: 0090EA0E
            • Part of subcall function 0090EA0B: HeapSize.KERNEL32(00000000,?,00000000), ref: 0090EA15
          • GetProcessHeap.KERNEL32(00000008,0090C60B,00000000,?,0090CFE3,?,?,0090A0E2,00000000,00000000,?,?,?,?,0090C60B,?), ref: 0090E156
          • HeapReAlloc.KERNEL32(00000000,?,0090CFE3,?,?,0090A0E2,00000000,00000000,?,?,?,?,0090C60B,?,0090A0E2,00000001), ref: 0090E15D
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$Process$AllocByteCharErrorLastMultiSizeWide
          • String ID:
          • API String ID: 834348239-0
          • Opcode ID: 0e3354072ba60c65d30b5647df410f8ec6e11bd29b68c1d6c16e4b659d7cc8ba
          • Instruction ID: 49a5a911850de8877d0dbc8420b387e432c0147c2a3af9c7d51c25822b855b8c
          • Opcode Fuzzy Hash: 0e3354072ba60c65d30b5647df410f8ec6e11bd29b68c1d6c16e4b659d7cc8ba
          • Instruction Fuzzy Hash: ED21957160C216BFE7405BB98CC8D7BB6ACEF097A4B204B29FA51D32D0DB348C409B60
          APIs
          • FreeLibrary.KERNEL32(00000000,?,00929B34,009237A6,?,CE3BFFFF,00000000,00000000,?,00929CED,00000021,FlsSetValue,00902E9C,00902EA4,CE3BFFFF), ref: 00929AE8
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: FreeLibrary
          • String ID: api-ms-$ext-ms-
          • API String ID: 3664257935-537541572
          • Opcode ID: cd2b70c8c6b460824c88b45c866edd3cb6833b8d774f08f0b747185f24d9d79c
          • Instruction ID: 3174569c371275620f52a98f8475dfa84ee09dcdb6386cce4400eece94280a6b
          • Opcode Fuzzy Hash: cd2b70c8c6b460824c88b45c866edd3cb6833b8d774f08f0b747185f24d9d79c
          • Instruction Fuzzy Hash: C4210A72A05330EBC7219B64FC45A5B776CEF41760F250514FD16A7298EB70EE00DAE0
          APIs
          • DeleteFileW.KERNEL32(00000000,?,00000000), ref: 0090A1B2
          • GetLastError.KERNEL32 ref: 0090A1BC
          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 0090A1D1
          • GetLastError.KERNEL32 ref: 0090A1DB
          • GetProcessHeap.KERNEL32(00000000,04BBB450,?,00000000), ref: 0090A207
          • HeapFree.KERNEL32(00000000), ref: 0090A20E
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileHeapLast$DeleteFreeMoveProcess
          • String ID:
          • API String ID: 2464192315-0
          • Opcode ID: 9709412b3b99655bdf63225be1d3a6ffa50b587ff87b527e5db3d063316225e0
          • Instruction ID: decc1224b636fd6a6acaf58028ae8db66099ca88f661306ff0a6dd55149304c6
          • Opcode Fuzzy Hash: 9709412b3b99655bdf63225be1d3a6ffa50b587ff87b527e5db3d063316225e0
          • Instruction Fuzzy Hash: 8721AE31718304EFDB24EFB9EC89B2A73ACAB50745F004528E652D21D1DB74A940AFA2
          APIs
          • GetLastError.KERNEL32(?,?,0091F241,0091E9DE), ref: 0091F258
          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0091F266
          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0091F27F
          • SetLastError.KERNEL32(00000000,?,0091F241,0091E9DE), ref: 0091F2D1
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLastValue___vcrt_
          • String ID:
          • API String ID: 3852720340-0
          • Opcode ID: 59d2b80752f19377f4540b967d61a4e4a5d9691f2411004f6888bc2bdd8bd40c
          • Instruction ID: 454ae515df0e986d92c983ce2e28a658d27856ef91beaf61180dc9b7c2d115bc
          • Opcode Fuzzy Hash: 59d2b80752f19377f4540b967d61a4e4a5d9691f2411004f6888bc2bdd8bd40c
          • Instruction Fuzzy Hash: 2F01D43632E62D5EA62827B57CD5B976AA8EB817B0B20063AF530611F5EFA14C40A940
          APIs
            • Part of subcall function 0090F358: CreateFileW.KERNELBASE(?,?,?,00000000,?,0090936C,00000000,00000000,?,04BBB8A8,04BBB8A8,?,0090DBE9,00000005,?,00000002), ref: 0090F386
          • GetLastError.KERNEL32(00000007,?,00000003,00000080,?,?,00000000,00000000,?,?,?,?,?,?,?,0090CC2E), ref: 0090CD1E
          • ReadFile.KERNEL32(00000000,?,00000024,00000000,00000000,00000007,?,00000003,00000080,?,?,00000000,00000000), ref: 0090CD53
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,0090CC2E,?,?,000000FF,00000000,00000000), ref: 0090CD5D
          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,0090CC2E,?,?,000000FF), ref: 0090CE00
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorFileLast$CloseCreateHandleRead
          • String ID: $
          • API String ID: 3160720760-3993045852
          • Opcode ID: 02651aae1e2629f85b0427dcaeefc8b13055b9905febf1ed488a72fe33b977b0
          • Instruction ID: 488e8d445f9ffd46d91d405f70243920a98dc6629594e9c1ecfd01fa30509b2b
          • Opcode Fuzzy Hash: 02651aae1e2629f85b0427dcaeefc8b13055b9905febf1ed488a72fe33b977b0
          • Instruction Fuzzy Hash: 2831C9B5A00115DFCB24CF68C894BAE7BA9EB44720F254336ED16EB2C0D734DD409AA1
          Strings
          • C:\Users\user\Desktop\VisualStudioSetup.exe, xrefs: 0092AAAE
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID:
          • String ID: C:\Users\user\Desktop\VisualStudioSetup.exe
          • API String ID: 0-34181048
          • Opcode ID: da7c1456b974ffd251e50bcc68259e98d37bdd995f5112b044313ecb99d71aa0
          • Instruction ID: 8f4dd8c8e80076b5d371b4252d36b8615e546431b28243c280f0353fcf13e908
          • Opcode Fuzzy Hash: da7c1456b974ffd251e50bcc68259e98d37bdd995f5112b044313ecb99d71aa0
          • Instruction Fuzzy Hash: AC21A473204225AFDB20AF71BC41E2BB7AEEF843647144515F915D7159E730EC40CB62
          APIs
          • UuidCreate.RPCRT4(?), ref: 0090B61D
          • UuidToStringW.RPCRT4(?,00000000), ref: 0090B64D
          • RpcStringFreeW.RPCRT4(00000000), ref: 0090B680
          Strings
          • Failed to convert GUID to string., xrefs: 0090B661
          • Failed to create a new GUID., xrefs: 0090B636
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: StringUuid$CreateFree
          • String ID: Failed to convert GUID to string.$Failed to create a new GUID.
          • API String ID: 3044360575-1364151769
          • Opcode ID: 2f4159b6aa187e5ef91bb50a26850d3b9bfbfabe5dec9d0297ae5f8ecfcef57f
          • Instruction ID: 7c891977ebae0d635de9befdd5f8e274c4f0725d14c63197043885c82d09ebce
          • Opcode Fuzzy Hash: 2f4159b6aa187e5ef91bb50a26850d3b9bfbfabe5dec9d0297ae5f8ecfcef57f
          • Instruction Fuzzy Hash: F511E772E0562AAFD7109AB8C845BEFB7E8EB48761F100225EA01F3280DB31DD0486E0
          APIs
          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,43B9978B,?,?,00000000,00935D6A,000000FF,?,00926F9A,00927089,?,00926F6E,00000000), ref: 00926FFE
          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00927010
          • FreeLibrary.KERNEL32(00000000,?,?,00000000,00935D6A,000000FF,?,00926F9A,00927089,?,00926F6E,00000000), ref: 00927032
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: AddressFreeHandleLibraryModuleProc
          • String ID: CorExitProcess$mscoree.dll
          • API String ID: 4061214504-1276376045
          • Opcode ID: 7b336cc26d55c84823a05e1ce4e853c56d277fb11a3531219caf9ecb4b5faba3
          • Instruction ID: e46e5ef75f20d4bcd8a0cffcb372d4290525bbfd22c73c8860a099fe036073cb
          • Opcode Fuzzy Hash: 7b336cc26d55c84823a05e1ce4e853c56d277fb11a3531219caf9ecb4b5faba3
          • Instruction Fuzzy Hash: C401DB35958625EFDB158F80DC09BAEB7BCFB44B14F004125F921B22D0D7749804CF90
          APIs
          • CloseHandle.KERNEL32(00000000,00000000,0090BDA6,00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C734
          • GetProcessHeap.KERNEL32(00000000,?,00000000,0090BDA6,00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C745
          • HeapFree.KERNEL32(00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C74C
          • GetProcessHeap.KERNEL32(00000000,00000000,00000000,0090BDA6,00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C76A
          • HeapFree.KERNEL32(00000000,?,00909CE2,00000000,00000000,?,04BC9F88,04BC9F88,?,00909380,?), ref: 0090C771
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$FreeProcess$CloseHandle
          • String ID:
          • API String ID: 1236364404-0
          • Opcode ID: 4abc033b07ff9b7618a0a3387b2e0cbe8667881f7740d1e20cb68a0911cac1dd
          • Instruction ID: b10d23eae618ca3e35c7c2f823a3b75b44b074fe213c3e6f4b16d611a6802588
          • Opcode Fuzzy Hash: 4abc033b07ff9b7618a0a3387b2e0cbe8667881f7740d1e20cb68a0911cac1dd
          • Instruction Fuzzy Hash: F6F03071218611DFDB282BB59C1DB777699AF44752F044A1DF6ABC10E0DB748840EF60
          APIs
            • Part of subcall function 0090EA1C: LoadStringW.USER32(?,?,?,00000040), ref: 0090EA48
          • MessageBoxW.USER32(00000000,00000000,?,00000010), ref: 00909714
          Strings
          • Failed to get error message for error: 0x%x., xrefs: 009096DD
          • Failed to get error string from error: 0x%x, xrefs: 0090968C
          • Failed to concatenate message with error string., xrefs: 009096B5
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: LoadMessageString
          • String ID: Failed to concatenate message with error string.$Failed to get error message for error: 0x%x.$Failed to get error string from error: 0x%x
          • API String ID: 2284331267-3986587811
          • Opcode ID: c2ce319930b98c42fc7a85d59fd448419bc4aa8e7f0918d4abcb30db7223de49
          • Instruction ID: 990a8672065be1c994de0594e6efe698f9c6f31bb402c0d45dc52fdc9b3284de
          • Opcode Fuzzy Hash: c2ce319930b98c42fc7a85d59fd448419bc4aa8e7f0918d4abcb30db7223de49
          • Instruction Fuzzy Hash: 8F315A7AF40209FFDF10AAE59D82FBEB32CAF90314F100865F542A70C3D67A5E40AA55
          APIs
            • Part of subcall function 0090DFDF: GetProcessHeap.KERNEL32(00000000,?,00000040,00000040,00000000,0090EA39,?,00000000,0093A91C,00900000,00900000,?,0090A98A,?,?,?), ref: 0090DFF7
            • Part of subcall function 0090DFDF: HeapReAlloc.KERNEL32(00000000,?,0090A98A,?,?,?,?,0090A886), ref: 0090DFFE
          • GetCurrentDirectoryW.KERNEL32(00000040,00000000,00000001,0093A8D0,00000000,?,?,?,0090AC68), ref: 0090EE61
          • GetLastError.KERNEL32(?,0090AC68), ref: 0090EE6D
          • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,0090AC68), ref: 0090EEA6
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: CurrentDirectoryHeap$AllocErrorLastProcess
          • String ID: @
          • API String ID: 4229842709-2766056989
          • Opcode ID: c641d501d9afa9aeab6c559ed4afc7d0edc9415b49c4df637ad21f18d5e3017a
          • Instruction ID: 90b05a07a826acb66afaad040552e50faac77be18d737bf98654683f9c2f5476
          • Opcode Fuzzy Hash: c641d501d9afa9aeab6c559ed4afc7d0edc9415b49c4df637ad21f18d5e3017a
          • Instruction Fuzzy Hash: B5110C37B0061DDFD720ABA5CC85B5FB769DFC0750F210965EE02A72C0D7349D0196A0
          APIs
          • GetConsoleOutputCP.KERNEL32(43B9978B,00000000,00000000,?), ref: 0092F15F
            • Part of subcall function 0092B5A5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009303F9,?,00000000,-00000008), ref: 0092B651
          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0092F3BA
          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0092F402
          • GetLastError.KERNEL32 ref: 0092F4A5
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
          • String ID:
          • API String ID: 2112829910-0
          • Opcode ID: 6bed7766bf1320e8dfe2b43adbe267758edbc336499393a641117133b6e73026
          • Instruction ID: 6c7d46131bf5a91b66c9a51f5064ae4209e8e3adc3f70763d52049a6146bc970
          • Opcode Fuzzy Hash: 6bed7766bf1320e8dfe2b43adbe267758edbc336499393a641117133b6e73026
          • Instruction Fuzzy Hash: A0D18B75D042589FCB05CFA8E894AAEBBB8FF49314F18413AE866E7359D730A841CF50
          APIs
            • Part of subcall function 0092B5A5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009303F9,?,00000000,-00000008), ref: 0092B651
          • GetLastError.KERNEL32 ref: 0092A38E
          • __dosmaperr.LIBCMT ref: 0092A395
          • GetLastError.KERNEL32(?,?,?,?), ref: 0092A3CF
          • __dosmaperr.LIBCMT ref: 0092A3D6
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
          • String ID:
          • API String ID: 1913693674-0
          • Opcode ID: e22ff8741e5a45c323e34f82e693ee955e3e9ef60853029732817c2707e0068e
          • Instruction ID: b0e4895113e7f7dcafea60ecc73c485e53013ab95dbca737972b7a666f4122e9
          • Opcode Fuzzy Hash: e22ff8741e5a45c323e34f82e693ee955e3e9ef60853029732817c2707e0068e
          • Instruction Fuzzy Hash: 4621C273604225AF9B20EF62BC8196BB7ADEF443647108818F92997259D735EC408BA2
          APIs
          • GetEnvironmentStringsW.KERNEL32 ref: 0092B69B
            • Part of subcall function 0092B5A5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,009303F9,?,00000000,-00000008), ref: 0092B651
          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0092B6D3
          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0092B6F3
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
          • String ID:
          • API String ID: 158306478-0
          • Opcode ID: 01e66ca940e5dfdc58c1c35b29894ef70ef5778ebd641c980ad136108b242d0b
          • Instruction ID: 5a2ebbc58e408893258c58a2f607e404580c4bfd75993118cb6817e570a8e43a
          • Opcode Fuzzy Hash: 01e66ca940e5dfdc58c1c35b29894ef70ef5778ebd641c980ad136108b242d0b
          • Instruction Fuzzy Hash: 7711ADB15192397E661167F27C8AE7FBBDCDED93A47100428F901A5209EB249D0056B1
          APIs
          • GetProcessHeap.KERNEL32(00000000,04BBB450,0000006A,00000000,?,00000000,00000000,?,?,0090A2DC,?,0090D169,00000006,000000FF,?,?), ref: 0090A4DE
          • HeapReAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,0090A2DC,?,0090D169,00000006,000000FF,?,?,00000000,000000FF,00000000), ref: 0090A4E5
            • Part of subcall function 0090E635: GetProcessHeap.KERNEL32(00000000,00000000,00000000,0090DD32,?,00000000,?,?,0090A7CC,00000000,Failed while running the progress dialog.), ref: 0090E63A
            • Part of subcall function 0090E635: HeapFree.KERNEL32(00000000,?,00000000,?,?,0090A7CC,00000000,Failed while running the progress dialog.), ref: 0090E641
          Strings
          • Failed to realloc cleanup list buffer, xrefs: 0090A4F9
          • Failed to copy the file name, xrefs: 0090A4A3
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$Process$AllocFree
          • String ID: Failed to copy the file name$Failed to realloc cleanup list buffer
          • API String ID: 756756679-1190809427
          • Opcode ID: 3ec299810bd11f74b8f937ef461cea35c51c9a5d9a3d5bcfbaa0eeca05499efe
          • Instruction ID: 8452ab055b4a1bbabb08b27bec8e83725b987e7355b776e7c094229647126cd6
          • Opcode Fuzzy Hash: 3ec299810bd11f74b8f937ef461cea35c51c9a5d9a3d5bcfbaa0eeca05499efe
          • Instruction Fuzzy Hash: 5A11E275A1921AEFC700DBA5EC4496DB3B9FB85B54320401EF401E3280EB35EA02AF96
          APIs
          • FreeLibrary.KERNEL32(?,?,00000000,?,009094F1), ref: 0090BAA6
          • GetProcessHeap.KERNEL32(00000000,?,00000000,?,009094F1), ref: 0090BABB
          • HeapFree.KERNEL32(00000000,?,009094F1), ref: 0090BAC2
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: FreeHeap$LibraryProcess
          • String ID:
          • API String ID: 3707289963-0
          • Opcode ID: ea510517175fd7f031f8239ecdf82d60e5909b5e6214ff5c334c57b76e5d73c1
          • Instruction ID: a4c7d88d0dbd26bb5e3a401b02a14560f3b1045dfd07237b44cd11eeb0f954bd
          • Opcode Fuzzy Hash: ea510517175fd7f031f8239ecdf82d60e5909b5e6214ff5c334c57b76e5d73c1
          • Instruction Fuzzy Hash: E6F08232214312DFD7285F68DC587A777E9FB44352F200429E657C1090D7795C50DB60
          APIs
          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,009315AB,00000000,00000001,00000000,?,?,0092F4F9,?,00000000,00000000), ref: 009321EE
          • GetLastError.KERNEL32(?,009315AB,00000000,00000001,00000000,?,?,0092F4F9,?,00000000,00000000,?,?,?,0092FA80,00000000), ref: 009321FA
            • Part of subcall function 009321C0: CloseHandle.KERNEL32(FFFFFFFE,0093220A,?,009315AB,00000000,00000001,00000000,?,?,0092F4F9,?,00000000,00000000,?,?), ref: 009321D0
          • ___initconout.LIBCMT ref: 0093220A
            • Part of subcall function 0093217C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009321AB,00931598,?,?,0092F4F9,?,00000000,00000000,?), ref: 0093218F
          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,009315AB,00000000,00000001,00000000,?,?,0092F4F9,?,00000000,00000000,?), ref: 0093221F
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
          • String ID:
          • API String ID: 2744216297-0
          • Opcode ID: 593c228a6992a9cf2d54341523758344d1f7d1de86054a9072fd7f320bf1a900
          • Instruction ID: bb20ca0e8e3089194af3f9e5215bec3c21b9c17f2e5e5da5b9c88f6da42ba7fb
          • Opcode Fuzzy Hash: 593c228a6992a9cf2d54341523758344d1f7d1de86054a9072fd7f320bf1a900
          • Instruction Fuzzy Hash: 52F0AC36519515BBCF222FD5EC05A9A7F66EB4A3A1F044111FB2895120C7328920EF91
          APIs
          • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,00909D96,?,?,00000000), ref: 0090C05D
          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00909D96,?,?,00000000), ref: 0090C064
          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00909D96,?,?,00000000), ref: 0090C17C
          • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00909D96,?,?,00000000), ref: 0090C183
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$Process$AllocFree
          • String ID:
          • API String ID: 756756679-0
          • Opcode ID: cf4fbab5332d3f3735f7113c2f8a6dc3c0c51917a84d9cff51b28e201840e756
          • Instruction ID: 5464a1563e464bd0219913b8ffe40222cf1f2ae1bfa5df5e1c73e9a6f904b3b1
          • Opcode Fuzzy Hash: cf4fbab5332d3f3735f7113c2f8a6dc3c0c51917a84d9cff51b28e201840e756
          • Instruction Fuzzy Hash: FE71E4B5A0420ADFCB54DFA8C484AAAF7F5FF48304F208669D815A7391DB74E945CFA0
          APIs
          • GetProcessHeap.KERNEL32(00000000,?,00000040,00000040,00000000,0090EA39,?,00000000,0093A91C,00900000,00900000,?,0090A98A,?,?,?), ref: 0090DFF7
          • HeapReAlloc.KERNEL32(00000000,?,0090A98A,?,?,?,?,0090A886), ref: 0090DFFE
          • GetProcessHeap.KERNEL32(00000008,00000040,00000040,00000000,0090EA39,?,00000000,0093A91C,00900000,00900000,?,0090A98A,?,?,?), ref: 0090E008
          • HeapAlloc.KERNEL32(00000000,?,0090A98A,?,?,?,?,0090A886), ref: 0090E00F
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$AllocProcess
          • String ID:
          • API String ID: 1617791916-0
          • Opcode ID: 66036a3a640223716a5a099142e68eef9d0bbdc4da51b1491e243766785a66f6
          • Instruction ID: 0994285fddc870bf5f395246dc484daf6cce2d1335aba49f49ffef82acbb9e7c
          • Opcode Fuzzy Hash: 66036a3a640223716a5a099142e68eef9d0bbdc4da51b1491e243766785a66f6
          • Instruction Fuzzy Hash: EFE0923261C1229FC7200BF5AC1CA2ABA7DBF92B657248919F201C61A0DBB48850AF90
          APIs
          • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,80070057,0090E54A,?,00000000), ref: 0090E03D
          • HeapReAlloc.KERNEL32(00000000,?,00000000), ref: 0090E044
          • GetProcessHeap.KERNEL32(00000008,00000000,00000000,80070057,0090E54A,?,00000000), ref: 0090E04E
          • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 0090E055
          Memory Dump Source
          • Source File: 00000000.00000002.4471114618.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
          • Associated: 00000000.00000002.4471084138.0000000000900000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471177628.0000000000939000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.4471206571.000000000093B000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_900000_VisualStudioSetup.jbxd
          Similarity
          • API ID: Heap$AllocProcess
          • String ID:
          • API String ID: 1617791916-0
          • Opcode ID: addf8ac47fc5175749087fc4ee6b4251ccf4d374c430296045f1d90c16c031b6
          • Instruction ID: 37a15f065feda0b53213953bb9a8edb6f0cd8f765040f76c20336453122635a3
          • Opcode Fuzzy Hash: addf8ac47fc5175749087fc4ee6b4251ccf4d374c430296045f1d90c16c031b6
          • Instruction Fuzzy Hash: 58E0127221D122DFD7101BF5AC1CA6BBB7CFF51F617244915F205D2190DBB98950AFA0

          Execution Graph

          Execution Coverage:16.8%
          Dynamic/Decrypted Code Coverage:28.4%
          Signature Coverage:2.3%
          Total number of Nodes:257
          Total number of Limit Nodes:3

          Control-flow Graph

          • Executed
          • Not Executed
          APIs
          • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 6C6D3249
          • __CxxThrowException@8.LIBVCRUNTIME ref: 6C6D329F
          • CryptMsgGetParam.CRYPT32(?,0000000A,00000000,00000000,?), ref: 6C6D3305
          • CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00000000), ref: 6C6D3346
          • lstrcmpA.KERNEL32(1.3.6.1.4.1.311.2.4.1,00000000,?,?), ref: 6C6D339B
          • CryptMsgOpenToDecode.CRYPT32(00010001,00000004,00000000,00000000,00000000,00000000), ref: 6C6D33B0
          Strings
          • 1.3.6.1.4.1.311.2.1.12, xrefs: 6C6D36F6
          • Failed to read unauthenticated attributes on root signature., xrefs: 6C6D346E
          • Failed to access signers info parameter on root signature., xrefs: 6C6D3562
          • Failed to get digital signature., xrefs: 6C6D3289
          • 1.3.6.1.4.1.311.2.4.1, xrefs: 6C6D3396
          • Failed to read signers info parameter on root signature., xrefs: 6C6D3530
          • Signature issuer field on signer info is empty., xrefs: 6C6D3679
          • Failed to access unauthenticated attributes on root signature., xrefs: 6C6D3456
          • Failed to decode message on C2R signature., xrefs: 6C6D380B
          • Signer info on nested signature is empty., xrefs: 6C6D353B
          Memory Dump Source
          • Source File: 00000002.00000002.4496361490.000000006C6D1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C6D0000, based on PE: true
          • Associated: 00000002.00000002.4496326066.000000006C6D0000.00000002.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496447586.000000006C6E2000.00000002.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496497697.000000006C6E9000.00000004.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496530575.000000006C6EB000.00000002.00000001.01000000.00000011.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6c6d0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: Crypt$Param$DecodeException@8ObjectOpenQueryThrowlstrcmp
          • String ID: 1.3.6.1.4.1.311.2.1.12$1.3.6.1.4.1.311.2.4.1$Failed to access signers info parameter on root signature.$Failed to access unauthenticated attributes on root signature.$Failed to decode message on C2R signature.$Failed to get digital signature.$Failed to read signers info parameter on root signature.$Failed to read unauthenticated attributes on root signature.$Signature issuer field on signer info is empty.$Signer info on nested signature is empty.
          • API String ID: 1568721723-2580239495
          • Opcode ID: b1c46ac082e116b64d4c61f63730059b036e9ec1fd6127702a471b9376bd4fd0
          • Instruction ID: a3e97ae2fc0581f54c94bb9a715717301ec32f68b1eab422e7019449233fdea2
          • Opcode Fuzzy Hash: b1c46ac082e116b64d4c61f63730059b036e9ec1fd6127702a471b9376bd4fd0
          • Instruction Fuzzy Hash: 5D12B271A04249EFDB00CF95C884FEEBBB8FF09714F11452AE915A7680D775AA44CBA8
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$4'cq
          • API String ID: 0-3668452910
          • Opcode ID: 06c1ab65c3e4bcdf7431f9f62aa5e5e821800dad29fb17eb635ee680f81db8a7
          • Instruction ID: 578e0eff4afa89b49afeb1533ae2e1ba8dd309b262e6feff807bda92dc92f038
          • Opcode Fuzzy Hash: 06c1ab65c3e4bcdf7431f9f62aa5e5e821800dad29fb17eb635ee680f81db8a7
          • Instruction Fuzzy Hash: AEF18071E0075A8FCB16CFA8C8445DDBBF2AF85310F694655E405BB252DBB0A986CB90
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: <dzq
          • API String ID: 0-649407279
          • Opcode ID: 0cd724eb78f0c1e8bc44045c4e2b1b4317ffc265625a3b2e6ba147aa800c0b61
          • Instruction ID: 9eb453f1798d1f3b6904c085b776c4b6420582a711627213955b5fbec1c71eb3
          • Opcode Fuzzy Hash: 0cd724eb78f0c1e8bc44045c4e2b1b4317ffc265625a3b2e6ba147aa800c0b61
          • Instruction Fuzzy Hash: 9CB16F74B00218DFD728DB24DC54BAABBB2FF88310F148099E549A7395CB74AD86DF51
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a113670d1b4d11c13dc01df687662d865a562613e07d49502300a8f61799b44e
          • Instruction ID: 03442f98d7d66133ac146b61fc20c114f113b4b6161e58d8084e90bd6f91540d
          • Opcode Fuzzy Hash: a113670d1b4d11c13dc01df687662d865a562613e07d49502300a8f61799b44e
          • Instruction Fuzzy Hash: 02525071A0021ACFDB25DF64C950AADB7B2FF89310F1185E9D409AB365DB70AE85CF90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae4a5407ab883922c00237eac210989aaab26be1e67d257e90d50f106fa2fcfd
          • Instruction ID: 72132a09b429195cfc8e2f600abd5e09b638ec8af04044f367e496e69f1cd572
          • Opcode Fuzzy Hash: ae4a5407ab883922c00237eac210989aaab26be1e67d257e90d50f106fa2fcfd
          • Instruction Fuzzy Hash: FB526B74A102158FDB54DF68C994B99BBF2BF89314F1581D9E409AB362CB71EE82CF40
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0105332dddf9a504a7ba03387493af1733a51ad3240b0b75be1b15c6487a068b
          • Instruction ID: e9b96ae67e5763de0ee1e63902f71a463247c71e4bb464cd9ae04623cc1d37b5
          • Opcode Fuzzy Hash: 0105332dddf9a504a7ba03387493af1733a51ad3240b0b75be1b15c6487a068b
          • Instruction Fuzzy Hash: 13E12671E01269CFDB25CF68C844B9DBBB2BF89310F1582D5D508BB251DB74AA85CF90

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: eq$$&dq$(_cq$4'cq$4'cq$4'cq$4'cq$4ccq$4ccq$@bcq$|-dq$$cq$$cq$ccq$ccq$eq
          • API String ID: 0-98365856
          • Opcode ID: 1a259fe7a65a4739f945e715a755c9e1956216e41d918d8a9ee0f7a7ddb25e58
          • Instruction ID: 3979a86178958489878dd2c638d4ad14ad4c93646c231197fc70181e4069b2f8
          • Opcode Fuzzy Hash: 1a259fe7a65a4739f945e715a755c9e1956216e41d918d8a9ee0f7a7ddb25e58
          • Instruction Fuzzy Hash: 4B92D674900218DFDB259F64C854ADEBBB2FF89301F5085EAD6096B2A1DB319E85CF81

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: eq$$&dq$(_cq$4'cq$4'cq$4'cq$4'cq$4ccq$4ccq$@bcq$|-dq$$cq$$cq$ccq$ccq$eq
          • API String ID: 0-98365856
          • Opcode ID: 4db9817bf926e6bb6133ef57dcb9b3f2699bb63f1ecc01f11550a436802fac70
          • Instruction ID: e4de2912d86dc92618d514c608a01b9f8e031b98cd6fc10bc58909c6f17c505f
          • Opcode Fuzzy Hash: 4db9817bf926e6bb6133ef57dcb9b3f2699bb63f1ecc01f11550a436802fac70
          • Instruction Fuzzy Hash: 9292D570900218DFDB259F64C854ADEBBB2FF89301F5085EAD6096B2A1DF319E85CF81

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$(gq$(gq$(gq$(gq$(gq$(gq$(gq$4'cq$4'cq
          • API String ID: 0-1588939521
          • Opcode ID: 02feffdac702d22db1a5b8e803cb0c7b743f3bf96071b08b549dd48c809efafa
          • Instruction ID: 2965344d66795527d096c5418211dde2d9ed65433934bf5498666ea53918af7a
          • Opcode Fuzzy Hash: 02feffdac702d22db1a5b8e803cb0c7b743f3bf96071b08b549dd48c809efafa
          • Instruction Fuzzy Hash: 27A1E6357042258FC799EB68D8246AE7FE2EFC4310B248969E806DB381DF389E45C7D1

          Control-flow Graph

          APIs
          • SafeArrayCreate.OLEAUT32(00000008,00000001,?), ref: 6C6D24BF
          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6C6D24CC
          • SysAllocString.OLEAUT32 ref: 6C6D250D
          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6C6D2542
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4496361490.000000006C6D1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C6D0000, based on PE: true
          • Associated: 00000002.00000002.4496326066.000000006C6D0000.00000002.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496447586.000000006C6E2000.00000002.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496497697.000000006C6E9000.00000004.00000001.01000000.00000011.sdmp
          • Associated: 00000002.00000002.4496530575.000000006C6EB000.00000002.00000001.01000000.00000011.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6c6d0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: ArraySafe$Data$AccessAllocCreateStringUnaccess
          • String ID: A"ml$A"ml
          • API String ID: 157885995-3113457742
          • Opcode ID: 8c7ecbf9e410c60efd1ae7b5bc738c19564ecdaa21296487d8095cfd294cb69b
          • Instruction ID: 59c6ef255b899c0c2f201bbd17a7f07fe15ace75e6471cab291a6c25fabfdfa4
          • Opcode Fuzzy Hash: 8c7ecbf9e410c60efd1ae7b5bc738c19564ecdaa21296487d8095cfd294cb69b
          • Instruction Fuzzy Hash: 6B518F71E102099BCB08DFA8C998BEEBBB5FF49314F454259E801AB780DB75AD05CB94

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$(gq$(gq$(gq$(gq$(gq$4'cq
          • API String ID: 0-756161559
          • Opcode ID: 9cff2430d1a62cc1e1a308242dddd194c1a4a95e2ac19e1611dfc7423dca4592
          • Instruction ID: 74940182b1f4c58697e1d59f6be85c6d53be380bd6956933a5b28579b414bb50
          • Opcode Fuzzy Hash: 9cff2430d1a62cc1e1a308242dddd194c1a4a95e2ac19e1611dfc7423dca4592
          • Instruction Fuzzy Hash: 09C116717042454FC705AB68D82026E7FB6EFC5310B6489AEE849DF3C6DE389E4587D2

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: acq$(gq$(gq$(gq$4'cq${M
          • API String ID: 0-776960865
          • Opcode ID: e069943b7ab76edb9b5922a61fd214c7837f786d5ec4f37673cff6ba2b0b85b2
          • Instruction ID: 3a21ba4cd8402707c7232f12de9126efa3e3f5ab3e33274c97bc824a461a3371
          • Opcode Fuzzy Hash: e069943b7ab76edb9b5922a61fd214c7837f786d5ec4f37673cff6ba2b0b85b2
          • Instruction Fuzzy Hash: D981FE717042128FC745DB28D8906AE7FE2EF85314B1489AAE409CF396DB78DE458BD1

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$(gq$(gq$4'cq
          • API String ID: 0-207200120
          • Opcode ID: 63259ac68bf9a6115262d4adde52abebd24b7b3d637308f88fa8bc8268e10f7b
          • Instruction ID: 53a53674a325e35d8e20a7a65013f8f57ccaee8c641d86c7894d20c68dad0b10
          • Opcode Fuzzy Hash: 63259ac68bf9a6115262d4adde52abebd24b7b3d637308f88fa8bc8268e10f7b
          • Instruction Fuzzy Hash: 89F1B271B006598FCB05DF68D8506AEBBF2FF89310B24856AE509EB351DB34ED42CB91

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$\;cq$l;p$?p$|bq
          • API String ID: 0-2405408525
          • Opcode ID: af80e8592e0a20538d594bf233ef154ae59415aa4d4bcc6cbee4eb9627bcd0c8
          • Instruction ID: eee8c07107787781ab61acffe42950614b9c8b5654f878572aef563e454bdc4a
          • Opcode Fuzzy Hash: af80e8592e0a20538d594bf233ef154ae59415aa4d4bcc6cbee4eb9627bcd0c8
          • Instruction Fuzzy Hash: E16106B4B142164FD7589B7AC9606BFB7E7AFC4240B14C42AD805D7398EF34DD0687A1

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $"dq$(gq$(gq$(gq$4'cq
          • API String ID: 0-2376811620
          • Opcode ID: 5a0f6c2f48e6a36c1994c93c5d2d573d95bb9213c45bc341103c583c8900d7ae
          • Instruction ID: 59370e686b4f8324ffdc0bdabc8536909e01cc0769cc404eef0663ac107ee3b9
          • Opcode Fuzzy Hash: 5a0f6c2f48e6a36c1994c93c5d2d573d95bb9213c45bc341103c583c8900d7ae
          • Instruction Fuzzy Hash: 356114306042069FC359EB6CD8505AEBFF2EFC5310B248969E446CB296DF78AE45C7E1

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: acq$(gq$(gq$4'cq${M
          • API String ID: 0-2335992684
          • Opcode ID: b50f5049a7d4036499ea333a47fb64ea94564b78729169b7586e902e67621c83
          • Instruction ID: a57d65b85a42f2131e0bf8ccc0948d529908be38f3c6f01ad4b409e7359160ab
          • Opcode Fuzzy Hash: b50f5049a7d4036499ea333a47fb64ea94564b78729169b7586e902e67621c83
          • Instruction Fuzzy Hash: 19418D707042159FC745EB69E890A5E7FE2EF893107208A69E409CF386DF78EE558BD0

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$,gq$,gq
          • API String ID: 0-290326250
          • Opcode ID: 1f04a9c8edcf1e02802ef9a73c6e0331b4f9010b9d87db7c552892bb733b127d
          • Instruction ID: 5cde77a6cb1ac5e8bfc438c15e568454544e48ec17bc1392b6d5f2b3e4ab99bd
          • Opcode Fuzzy Hash: 1f04a9c8edcf1e02802ef9a73c6e0331b4f9010b9d87db7c552892bb733b127d
          • Instruction Fuzzy Hash: 39F19930B002058FCB54DF28D9949AEBBF2EF89390B258569E416DB3A1DF34ED45CB91

          Control-flow Graph

          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $cq$$cq$$cq$$cq
          • API String ID: 0-2876200767
          • Opcode ID: ca53cc4623ffa54feb056ba8e6ba63172cdd755f48af5decf1dc48a51922535d
          • Instruction ID: f78630bcc50298f4784a3b30ea7f7a380f85d019d2e249e87638c7773c70ca6a
          • Opcode Fuzzy Hash: ca53cc4623ffa54feb056ba8e6ba63172cdd755f48af5decf1dc48a51922535d
          • Instruction Fuzzy Hash: 817186707100059FDB8A9F69C9589AE7BB6FFCCB10B1188A9E506CB3A1CB31DD51CB91
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$4'cq$`dq
          • API String ID: 0-4229060544
          • Opcode ID: e67a80c3400cd4078f28cee5b689c99126ba398ad024ced0c0bd3c8b1baca059
          • Instruction ID: 0d5ea41ba87f2997608aba116a8e65e20f175cc87301dc5c830afe27ea0b8bf4
          • Opcode Fuzzy Hash: e67a80c3400cd4078f28cee5b689c99126ba398ad024ced0c0bd3c8b1baca059
          • Instruction Fuzzy Hash: 992128713002154BC305AB6DDC5055E7BA7EFC5310B608A79F809CB381DE689E4543D5
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$(gq
          • API String ID: 0-3964246382
          • Opcode ID: abb131cd0038ba27eec4f677d8142123fcae651e7cde57baf6677ff3186ce4a7
          • Instruction ID: a3ef1590c3dcefe9908c3651740c7d3741b148b59382321703d1d40abb839413
          • Opcode Fuzzy Hash: abb131cd0038ba27eec4f677d8142123fcae651e7cde57baf6677ff3186ce4a7
          • Instruction Fuzzy Hash: 05F18E35B102058FDB49EF68C894AAE7BB6EF89710B104469E606DB3A5DF74DC42CB81
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: gq$4'cq$| gq
          • API String ID: 0-3263054930
          • Opcode ID: 6ff6a1acf3f0e5cad5cde4fcb366ede64e0a2487199137c394e0d9a153897dd2
          • Instruction ID: bf1890308f713910d55505a8eceddf854b059f4cc19d197605496956ecb10ac0
          • Opcode Fuzzy Hash: 6ff6a1acf3f0e5cad5cde4fcb366ede64e0a2487199137c394e0d9a153897dd2
          • Instruction Fuzzy Hash: AC61C3307007029FC715EF68D89069EBBB2FF89304B108D2DE5468B295DB75BA5ACBD1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: gq$4'cq$| gq
          • API String ID: 0-3263054930
          • Opcode ID: 2856668aeae72c14b71e21a71d30a7f2a7085fccd2fd0c268010f473e636aae8
          • Instruction ID: d6fe62de5106b35c07617cbfa02c6f8aed998f5486e05b5ac96cbbeef5dc072a
          • Opcode Fuzzy Hash: 2856668aeae72c14b71e21a71d30a7f2a7085fccd2fd0c268010f473e636aae8
          • Instruction Fuzzy Hash: B061A0306007019FC715EF68D89099ABBF2FF89304B108A2DE5468B655DB74BA9ACBD1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: ($4'cq$$cq
          • API String ID: 0-987830381
          • Opcode ID: 9797d5904562063f31a0fe3ab339500fa469380f6e99e993612974cf687e72f6
          • Instruction ID: 41ace4bbc55e5ec252a2124874e0aa8c37ea34b4ed45248cd0cfa360f26fdda3
          • Opcode Fuzzy Hash: 9797d5904562063f31a0fe3ab339500fa469380f6e99e993612974cf687e72f6
          • Instruction Fuzzy Hash: B051E8366052459FCF19DF75EC84AEABBA6FF85350B089066F905C71B1C731C8A2DBA0
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: gq$4'cq$| gq
          • API String ID: 0-3263054930
          • Opcode ID: 3272be601e7fb88c81a91ad1f977ad3f84d5933ee43fbc9d80f99179358136a4
          • Instruction ID: fa5c6dbbcce251ba87586c9611a8afa76783fea43dc02a97c68adbcaa743c292
          • Opcode Fuzzy Hash: 3272be601e7fb88c81a91ad1f977ad3f84d5933ee43fbc9d80f99179358136a4
          • Instruction Fuzzy Hash: AC51A3306007019FC715EF69D880A9FBBF2FF89304B10892CF5464B655DB74BA9A8BD0
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: 4ccq$4ccq$LRcq
          • API String ID: 0-1121896274
          • Opcode ID: 88639e3092f7242484f60ea4f83627ce0cd70e968b0fa496cbd72fab9a4bd223
          • Instruction ID: be0618dffaef56459981ad83d27e3261b15690b56d580f640eb0c668d31e90d9
          • Opcode Fuzzy Hash: 88639e3092f7242484f60ea4f83627ce0cd70e968b0fa496cbd72fab9a4bd223
          • Instruction Fuzzy Hash: 42516D75B001189FCB44DFA9D884AAEFBF2FF89210B50816EE509DB361DB309D51CB90
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq$(gq$(gq
          APIs
          • MoveFileExW.KERNEL32(?,00000000,?), ref: 0620C9B5
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: FileMove
          • String ID:
          • API String ID: 3562171763-0
          APIs
          • MoveFileExW.KERNEL32(?,00000000,?), ref: 0620C9B5
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: FileMove
          • String ID:
          • API String ID: 3562171763-0
          APIs
          • GlobalMemoryStatusEx.KERNEL32 ref: 062045B7
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: GlobalMemoryStatus
          • String ID:
          • API String ID: 1890195054-0
          APIs
          • GlobalMemoryStatusEx.KERNEL32 ref: 062045B7
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: GlobalMemoryStatus
          • String ID:
          • API String ID: 1890195054-0
          APIs
          • GetNativeSystemInfo.KERNEL32 ref: 06204C87
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: InfoNativeSystem
          • String ID:
          • API String ID: 1721193555-0
          APIs
          • GetNativeSystemInfo.KERNEL32 ref: 06204C87
          Memory Dump Source
          • Source File: 00000002.00000002.4484527900.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6200000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID: InfoNativeSystem
          • String ID:
          • API String ID: 1721193555-0
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 02bf71476726108e5fd92b8bbae70d2a06dab2ab1637dc2cd083868ef1ecef78
          • Instruction ID: dc650df273783f697c34f3ef6a0229a5845ec9e3c30eec7c4ab15e8871573b6a
          • Opcode Fuzzy Hash: 02bf71476726108e5fd92b8bbae70d2a06dab2ab1637dc2cd083868ef1ecef78
          • Instruction Fuzzy Hash: 0E3104313042551BC755AA39EC61A6F7B97EFC5310F248529F509CB281CEB89D46C3D1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: fbfb614e005b91ff7d3ef5e8c7a0ca818a6d9951cf769be37c604e21ef211f6b
          • Instruction ID: 37dddab88dae02e2b161f21138c9e02a734d0ef965c0d4cc3fe637304f77d25b
          • Opcode Fuzzy Hash: fbfb614e005b91ff7d3ef5e8c7a0ca818a6d9951cf769be37c604e21ef211f6b
          • Instruction Fuzzy Hash: 3B31F471B01215AFCB45EF68DC506EEBFB2EF88310B10806AE505DB251DF358A16D7E0
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $"dq
          • API String ID: 0-323918578
          • Opcode ID: d41c3ce7fa767def4198fc57a49c7afd0afbc083d32827696e882e0d25b85b30
          • Instruction ID: 041d5a9593428302138ae85dd14af54bc0d2d48ef8c5c946671e1b4de4d2c5b9
          • Opcode Fuzzy Hash: d41c3ce7fa767def4198fc57a49c7afd0afbc083d32827696e882e0d25b85b30
          • Instruction Fuzzy Hash: 49419F71A002198FCB55DF69D855ADDBBF2EF8C310F108569D406AB3A0DF31AE45CBA0
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: a67befb702ea8031473025244a4eebbc2e7d50b643a5272d221bf660a3b75cfd
          • Instruction ID: dc2711c8c89d193a4e890dacd6226e94d4157689da515df194a170c367627711
          • Opcode Fuzzy Hash: a67befb702ea8031473025244a4eebbc2e7d50b643a5272d221bf660a3b75cfd
          • Instruction Fuzzy Hash: 703104797102408FCB05BB60E49807DBFB3EFC9361758885DE40AC7395CE799C62A741
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: 4eq
          • API String ID: 0-867326417
          • Opcode ID: 6a9c9927905aa976a4972e9bd74d4de78d2499f9a8b8597a02a1dc47a6b5ec7d
          • Instruction ID: fa222afbb8d332c4aba03325ad7571b3976ec056a1935289d2ba49b10c66d9e6
          • Opcode Fuzzy Hash: 6a9c9927905aa976a4972e9bd74d4de78d2499f9a8b8597a02a1dc47a6b5ec7d
          • Instruction Fuzzy Hash: 29317076D102199BDB15CF94D8406CEBBF5FF89350F154526E540BB210EB70BA4ACBA1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: gq
          • API String ID: 0-2579725278
          • Opcode ID: f978ca9b1071e3bcbe9bc481b5331eeae28a7e8d0449d3cbdc2a14f265097f50
          • Instruction ID: b12df79d107afdbafb87b02b30ae3d5f5d1de278f4f72ea9194b92c62de1599e
          • Opcode Fuzzy Hash: f978ca9b1071e3bcbe9bc481b5331eeae28a7e8d0449d3cbdc2a14f265097f50
          • Instruction Fuzzy Hash: 35316170A002099FCB44DF68D4509DEBFF2FF8D324F248959E805AB391DA719995CB91
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: gq
          • API String ID: 0-2579725278
          • Opcode ID: ec0e9dc3c5abcfe0b1e95c6146aab070613787f8da4392f9f6fdbc42a1910365
          • Instruction ID: e6a1bfaa79d62d42e82bee5aef1f57135decae7135363bffca81059fcd038220
          • Opcode Fuzzy Hash: ec0e9dc3c5abcfe0b1e95c6146aab070613787f8da4392f9f6fdbc42a1910365
          • Instruction Fuzzy Hash: D2319270A002098FCB44DF68C4409DEBFF2FF88324F248569E405AB391DB719D868BA1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 59c8e89f369f057c8e61f3658a676d558655be2fe9204372b4aa3ecd2e2bbb51
          • Instruction ID: fe89914ea52d83d9461da52bfefed862c6fe81e35a387672e5c15bc9e859f6c2
          • Opcode Fuzzy Hash: 59c8e89f369f057c8e61f3658a676d558655be2fe9204372b4aa3ecd2e2bbb51
          • Instruction Fuzzy Hash: 0E2126313083505FC756976DEC6099F7FE6EF8622071448AAF009DB282CE65AD06C3E1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: acq
          • API String ID: 0-2712774907
          • Opcode ID: 533f1564e3cb8cc37630936f78cd8dca261f2e5cb9a2c57017d32afb5cb0ea8c
          • Instruction ID: f715768108e6b0059e7d44c501765506b4c5743d447c157a7a1d4da408e543d3
          • Opcode Fuzzy Hash: 533f1564e3cb8cc37630936f78cd8dca261f2e5cb9a2c57017d32afb5cb0ea8c
          • Instruction Fuzzy Hash: F021F9716007119FC711DF68D880A5EBFF6EF89320B148A59F54A8B381CF74E956CB90
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $cq
          • API String ID: 0-2110363268
          • Opcode ID: 2aadfa138dc15d190159075129f1616d82903eb6553c0ec82b4277d5a1c4197f
          • Instruction ID: 8bf06190e374adc207cb1383e82f73786bbaa5951113ae8bfcacaf6c70c77bda
          • Opcode Fuzzy Hash: 2aadfa138dc15d190159075129f1616d82903eb6553c0ec82b4277d5a1c4197f
          • Instruction Fuzzy Hash: 49217430E406299FDBA4EF68D8146AEBBF5EF44300F10896AD445E7680EB389541CFD5
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: aaa85f479185c0cc5678ea531142e03ea7357df846b0a8329d3174e975733ab2
          • Instruction ID: 5c3bf3928e09725bae44740ee12b7cdd9110c0b58830989408e98446dae24c62
          • Opcode Fuzzy Hash: aaa85f479185c0cc5678ea531142e03ea7357df846b0a8329d3174e975733ab2
          • Instruction Fuzzy Hash: 2911572120D3A55FC3865B7C9CB40997FA1DF9322032544E7D188CF283DA684D0AC3E5
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: \;cq
          • API String ID: 0-3782417593
          • Opcode ID: ea8d7e2e02e26aa13ffd2236e36518c37d501d3c64aa591a4fd24132544ffb10
          • Instruction ID: af9f6313968dc5a0c885716995fd46f8a223fa020c1acf17a1fa292de8f7873d
          • Opcode Fuzzy Hash: ea8d7e2e02e26aa13ffd2236e36518c37d501d3c64aa591a4fd24132544ffb10
          • Instruction Fuzzy Hash: 4F1182367052054F9B549BAEA4949ABF7DAEFD8265324803AEA0EC7744EF71EC058350
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 9079ddb5302fbce68830a304133b48dd96278911456327914cfd5a56b15b990b
          • Instruction ID: 3eacd0e84ea3d9b30f90f9732e3b3e73fea8a44a07d34831cae083c55f0ae1ce
          • Opcode Fuzzy Hash: 9079ddb5302fbce68830a304133b48dd96278911456327914cfd5a56b15b990b
          • Instruction Fuzzy Hash: D61108327192955FC715EB78A8116AD3FB7DFC6260B1880FAE509DB392DE398D028391
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $cq
          • API String ID: 0-2110363268
          • Opcode ID: fe1da2437b2c8b56f44b510854583a26e9918a8abb984e04e2f1ec18a2958586
          • Instruction ID: d8d332e8404f417039366d4921c8f01a491d104fc627b76398358bdf38a67f5f
          • Opcode Fuzzy Hash: fe1da2437b2c8b56f44b510854583a26e9918a8abb984e04e2f1ec18a2958586
          • Instruction Fuzzy Hash: 32216530E406299FDFA1DF78D9116AEBBF5EF44200F0085AAD409E7680EB389941CBD1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: 4'cq
          • API String ID: 0-182294849
          • Opcode ID: de133a4475ef3014166bcc0bc0406fbd9ff431337010a4e02396b5fcf4a2989d
          • Instruction ID: 0ad89b1f37f7352a4ca1ba388e762eb9936b998c4b250bdec42822f98251b765
          • Opcode Fuzzy Hash: de133a4475ef3014166bcc0bc0406fbd9ff431337010a4e02396b5fcf4a2989d
          • Instruction Fuzzy Hash: 9D11C3312002024BC315EB78EC905AE7BE7EFC53103548E6DF5468B655DF78AE9AD3A1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: `dq
          • API String ID: 0-1159406943
          • Opcode ID: ecbfc5da607c9b43eb03397cd9be7385d8c5f4b76d9986806c1a378532c4fbc5
          • Instruction ID: 03f4c07da551e802de461f3a8b767355d7445428210bb4bf1db6de143b6c7806
          • Opcode Fuzzy Hash: ecbfc5da607c9b43eb03397cd9be7385d8c5f4b76d9986806c1a378532c4fbc5
          • Instruction Fuzzy Hash: DB212B717093404FD316DB38DC6499A7FB6EF8A31030985AFE455CB292CB749C01C7A1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: l=p
          • API String ID: 0-3593820991
          • Opcode ID: 9c3793a32143d957adcd15fcbe0f36a058405a76de81baf6aaff16f1931a404f
          • Instruction ID: f285c78235bd5707b2b855dff78a2f8f25f416f3a45a60aa0fce4ff5a305c464
          • Opcode Fuzzy Hash: 9c3793a32143d957adcd15fcbe0f36a058405a76de81baf6aaff16f1931a404f
          • Instruction Fuzzy Hash: 2521C371B002158FCB64EB69C465AAF76F6EF88214F244438E502DB344EF749D428BD2
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: `dq
          • API String ID: 0-1159406943
          • Opcode ID: 2d32e245d4302e4d426b7a1271d7767e324421785f084d2f3b26ab0e5eb4b7ec
          • Instruction ID: f107cd2c97fdef0334fbd1532aeff7f84cfa2a40435a3c25952ad8161d3cc4ab
          • Opcode Fuzzy Hash: 2d32e245d4302e4d426b7a1271d7767e324421785f084d2f3b26ab0e5eb4b7ec
          • Instruction Fuzzy Hash: 0D1126716006095BC701AB68C84196DBFB2FFC9310B40865EF4099F351EF34DD559781
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: 4'cq
          • API String ID: 0-182294849
          • Opcode ID: cb8603dc4bd540b274a980a9b679a1de9c01a50e138355415316d6a720b34dc9
          • Instruction ID: d664d2b58bbc1171a2d5fd2b1155a0d47d173b299c5b5bcba3a9fe4a4c4d2efb
          • Opcode Fuzzy Hash: cb8603dc4bd540b274a980a9b679a1de9c01a50e138355415316d6a720b34dc9
          • Instruction Fuzzy Hash: F81163702006039FC715DF28D89089ABBF2EF853143608E59F0598B651EF78A9598B91
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 422b2272d444df06158cd01fd1aba6bc33e0f5d57b0fd0ee47559ef5dbf87936
          • Instruction ID: 7b2780fc853f8540dd7a090ecb49a20d19fd8f31eeeaa89757f605997f7a7fc0
          • Opcode Fuzzy Hash: 422b2272d444df06158cd01fd1aba6bc33e0f5d57b0fd0ee47559ef5dbf87936
          • Instruction Fuzzy Hash: 5001F9253082995FC35AA778D82456A7FE6CFC325072988BED145CF682DE35DC05C7A2
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: `dq
          • API String ID: 0-1159406943
          • Opcode ID: 23a2b015c310bb084f540b6a553a7e52fbd0c327e6c489679287b3a63bd71fe6
          • Instruction ID: eb54f32187ecc31d3ba044b99dcf237f9653e9f726d66d093abeccba550a1f8f
          • Opcode Fuzzy Hash: 23a2b015c310bb084f540b6a553a7e52fbd0c327e6c489679287b3a63bd71fe6
          • Instruction Fuzzy Hash: F5117071B013049FD754DB69D954AAA77EBFFC86207149529E41A87351DF70AC018B90
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 52676db6a64a668218eead2509b4f1f0a9f9e30d22d137ee3ce45a9eaa97eb21
          • Instruction ID: ea87c1939f968523ad80275b4e1990c0983b48f043630f7876ae5fa45ad38d3d
          • Opcode Fuzzy Hash: 52676db6a64a668218eead2509b4f1f0a9f9e30d22d137ee3ce45a9eaa97eb21
          • Instruction Fuzzy Hash: 4E012820B1E3A44FDB465774483426E3FB59F82210B0944EBE445CB3D3DE2C4D05C7A2
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: $"dq
          • API String ID: 0-323918578
          • Opcode ID: 7d51f9377985ca6c9711fa301f59de714e7286a3ac59f1c3cc8c59c8a29bf380
          • Instruction ID: d04d12f058dc856887197d7c10399aa90f7c602b5dff6630e7adb348ece04f21
          • Opcode Fuzzy Hash: 7d51f9377985ca6c9711fa301f59de714e7286a3ac59f1c3cc8c59c8a29bf380
          • Instruction Fuzzy Hash: 49118E75A001589FCB19DBA8D454EDDBBF5EF8D304F1180A9D805AB351CB32AE05CBA0
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: #0
          • API String ID: 0-2084688721
          • Opcode ID: fa0d4bef52e3d8f5226f0c927fd7ab29b09e7fa15b420ac1bfeb67499f602bd5
          • Instruction ID: 9be3a9108da60171bbf3bce1a3ae54f4d81114c74128de46c87b67cf71f79559
          • Opcode Fuzzy Hash: fa0d4bef52e3d8f5226f0c927fd7ab29b09e7fa15b420ac1bfeb67499f602bd5
          • Instruction Fuzzy Hash: 2911623460021A8FCB41DF58D58099DB7F2FF882147258694E805AB716D635FE568B90
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: T;p
          • API String ID: 0-2975607647
          • Opcode ID: a3103b5a9ec76562858c2766b9c176c7dc80ea277dad7bf75419ff5772294970
          • Instruction ID: 44e3f6dd4c10dcc4fd3244b5f9266bff43408b2058152df728ab2b0feb08e6ec
          • Opcode Fuzzy Hash: a3103b5a9ec76562858c2766b9c176c7dc80ea277dad7bf75419ff5772294970
          • Instruction Fuzzy Hash: 30F0B4357092501FC706462E6C618AFBFEB9BCA56032A01AAF905CB3A2DE168C0642B1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: (gq
          • API String ID: 0-1972435379
          • Opcode ID: 14b2b966ba5ae5788a9843ce5abc1e20f3589ad6396f806c290cdf000ad1b458
          • Instruction ID: 526cd4281fce1607460844a03f4d37f573d57de86ee0d850bcc2167f00d66ca7
          • Opcode Fuzzy Hash: 14b2b966ba5ae5788a9843ce5abc1e20f3589ad6396f806c290cdf000ad1b458
          • Instruction Fuzzy Hash: 84F07826E0D2A58FD7465778446012A3FB7CFA225436C84DDC4898F297DE1A8D07C3C1
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID: 4'cq
          • API String ID: 0-182294849
          • Opcode ID: 616684f3b639b4e696feb00c2bd334391e011ef46da46559ab12028f2466c1e6
          • Instruction ID: 8f781e0a1da1cd97cd43dcf7862a5d5ddfe94ff938f6d0720a2a112bf9371a66
          • Opcode Fuzzy Hash: 616684f3b639b4e696feb00c2bd334391e011ef46da46559ab12028f2466c1e6
          • Instruction Fuzzy Hash: C1F0E9602052501B8359D76EAC5089BBFE7EFCA22031489AEF185C7152D9285D45C772
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f7200da12974a491801f78f9f29592fba85ac12721c61735979b4c2697c6eb12
          • Instruction ID: d51106c51e2e1ee330c5bcf8342fbae2c4495607f6afcd2637d77b167bfbd52f
          • Opcode Fuzzy Hash: f7200da12974a491801f78f9f29592fba85ac12721c61735979b4c2697c6eb12
          • Instruction Fuzzy Hash: CB523970E406198FCB64DB68C9407AEBBF2FF88310F1085ADD54AA7750DB78AA85CF50
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 24d21cfb01ae04ed12e280ab4bb2a575ffd20e1ebf24aeccd94cc24c6ac3c1df
          • Instruction ID: 6d97d6419d614dce7ae1cf6342209d3c82deba22553f23eba28a171f9b569e88
          • Opcode Fuzzy Hash: 24d21cfb01ae04ed12e280ab4bb2a575ffd20e1ebf24aeccd94cc24c6ac3c1df
          • Instruction Fuzzy Hash: 6D028A30700219DFDB55DF68C895ABE37E6EF84204F548469E806DB394DB35DA82CBD2
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2aa4b264267279e3a10434c10f1a40144576ffecf3f63bbdfad9c16ec3854421
          • Instruction ID: d4b6f20e29ad5bc340d152781eee2ab520fbd6b37bf19726d09bf2a9134b7b78
          • Opcode Fuzzy Hash: 2aa4b264267279e3a10434c10f1a40144576ffecf3f63bbdfad9c16ec3854421
          • Instruction Fuzzy Hash: F012F779A10615CFCB54DF28C884A59B7B2FF89310B5585D8E84AAB372DB30ED85CF90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 18ee55fcc041da10d597bd76759cfe479cc63267860f2aae8b170cfba53a17b7
          • Instruction ID: 4d81f7424c53f673ed424019256ffa14dc0ae3dd17f983b16b336cc0f48e295f
          • Opcode Fuzzy Hash: 18ee55fcc041da10d597bd76759cfe479cc63267860f2aae8b170cfba53a17b7
          • Instruction Fuzzy Hash: BBB17C74B002058FCB58EF79D8949AEBBF6EF9871071444A9E906DB361DB34DC41CBA0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9d7336a1036cfe7d805f523735fc937d1f99a00e6258f199faf368bc41dc3352
          • Instruction ID: 6cf425bc6e3df5dee8affe7de1fb2e069365f2fd55e00f4eb3b24db9794ff878
          • Opcode Fuzzy Hash: 9d7336a1036cfe7d805f523735fc937d1f99a00e6258f199faf368bc41dc3352
          • Instruction Fuzzy Hash: 00B12874F002099FCB55DFA9D5949AEBBF7FF88300B508469E906EB364EB34A941CB50
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d75b245f1189f3334ee67e4cfe767ff074b42b693d0b7d89c10a19601211d7cd
          • Instruction ID: cd44fef892d8c9296914e127061c490651ff36871afd759d1f969e32636e5357
          • Opcode Fuzzy Hash: d75b245f1189f3334ee67e4cfe767ff074b42b693d0b7d89c10a19601211d7cd
          • Instruction Fuzzy Hash: 02B18F74B006018FCB55DF38D5949AEBBF2FF88210B149969E94A8B365DF34EC46CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e322c7fd763ae92feacad415a6da1864c43e47973b4b845de072149ef9373305
          • Instruction ID: 7ba3f9a3482d92047237b3d30f49ffec56f813177a0aa1cf9afbe61c218b3a0d
          • Opcode Fuzzy Hash: e322c7fd763ae92feacad415a6da1864c43e47973b4b845de072149ef9373305
          • Instruction Fuzzy Hash: 30A16E34B042498FDB88DFA4D8946AE7FB6EF88351F144468E906DB395DB34DC82CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4f863a53e586328758e1e71bfb66a005bd30d767669d4ef7c49128e6258c535a
          • Instruction ID: f53d9959ee78cb246a41d69210513b42adb684323736fe6964826240618d786a
          • Opcode Fuzzy Hash: 4f863a53e586328758e1e71bfb66a005bd30d767669d4ef7c49128e6258c535a
          • Instruction Fuzzy Hash: BCA13B71E103198FCB55CFA8C884A9DBBF2AF89310F258555E419BF361DB70AD86CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b7d4b469f535a7fdfb56c596f22eddb88b61aadfb7072e5fd6b92f834efdb9d6
          • Instruction Fuzzy Hash: 7C416E72D00659CFCB16CFA8C4405CDFFF2AF8A310F298656E855BB251D770A986CB50
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a84ad8b08db87d585c575aa6dbd1cbffc45f6f3af9875a7c3a12b6b4727e1d5a
          • Instruction ID: 805040026a73fc41c1d859c6240e532cb16b5f99728eddcbf4de6ddefd2218c8
          • Opcode Fuzzy Hash: a84ad8b08db87d585c575aa6dbd1cbffc45f6f3af9875a7c3a12b6b4727e1d5a
          • Instruction Fuzzy Hash: F3419C71E402198FDB50DFA8D8487EEBFF5EF48310F1488AAD119E7280DB749A44CB91
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 76362ba7307f6928215191d7a9f2173f455076811731308b00b083ba30633e59
          • Instruction ID: 7e9a673fbf699f5187cf66b68832e2974cb57b114160614e08b0e5ce5929616b
          • Opcode Fuzzy Hash: 76362ba7307f6928215191d7a9f2173f455076811731308b00b083ba30633e59
          • Instruction Fuzzy Hash: 1E4182319002059BCB65DF54D844BEF77F7EF84314F104928E222A7594DF74AACACBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 24566cdc94457e0c07443a2ba07eb3018d1757be9f12a5c8dbd024a40c8d8536
          • Instruction ID: 54fcbd53a8cacd9f8adfb0c24590bc1f255e34f1b04b72bd17cd8fb0aed34c71
          • Opcode Fuzzy Hash: 24566cdc94457e0c07443a2ba07eb3018d1757be9f12a5c8dbd024a40c8d8536
          • Instruction Fuzzy Hash: B8410534A00629CFCB64DF68C994B9DB7F2BF89314F204699D509AB361DB70AD85CF80
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ad7f10be7a28b1a9bdf39f98aa425fe697168c2545cfe5b5a3cb2a4458d9988e
          • Instruction ID: e58fd140bb72092ad043b53288d50f246b5f0e4299a09a2c02ba5c2e92c626f4
          • Opcode Fuzzy Hash: ad7f10be7a28b1a9bdf39f98aa425fe697168c2545cfe5b5a3cb2a4458d9988e
          • Instruction Fuzzy Hash: D5417E74E016499FCB18CFA9D5949DEBFF2BF89310F248169E801AB354DB70A945CB40
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 687966f31c411edbb1581297c2597280f1ac2a93e403086d7451e991011de194
          • Instruction ID: 0f7a2060945cc444d9435bab07d2e060ed53afdc4601594a3e9349fcef0993fb
          • Opcode Fuzzy Hash: 687966f31c411edbb1581297c2597280f1ac2a93e403086d7451e991011de194
          • Instruction Fuzzy Hash: AC412734A10209DFCB44DFA4D998EEE7BB6FF88311F155055E901AB264CB31EC51CB20
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55b39d03449b2eb799167a1a213274171f8f2c9761bff8219e77e7da57ec931c
          • Instruction ID: 1c8b3021553032440e09426783f15796be7e19b099ee367bc91b6986ff271bad
          • Opcode Fuzzy Hash: 55b39d03449b2eb799167a1a213274171f8f2c9761bff8219e77e7da57ec931c
          • Instruction Fuzzy Hash: 5831C6382047518FC722CF34D8949A6BFF2EF89310715CA99E4468B77ACB35E846CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 46e2bc2b718af6b61567e66de31a555dbe3eab0945ad23ef19a21bc06924d07c
          • Instruction ID: c18f21a207f92df347a98ccf97fade698b38926a8da6e2e9f98d8c3431aa5c1c
          • Opcode Fuzzy Hash: 46e2bc2b718af6b61567e66de31a555dbe3eab0945ad23ef19a21bc06924d07c
          • Instruction Fuzzy Hash: 87318F34B042508FDB589B65E8687AD7FB3AB54710F149869E642CB281DB78EC85CB81
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53293eafb1769547e87889e20222291a1865dbe6b637903cea0ed5d60f5dad6c
          • Instruction ID: 4132bf9d7be9245265eeaa4057dadc0f8bb40b49a554d91c097a7ad5222d1aa1
          • Opcode Fuzzy Hash: 53293eafb1769547e87889e20222291a1865dbe6b637903cea0ed5d60f5dad6c
          • Instruction Fuzzy Hash: A331DC31E0921ACBEF149F64E4807EEBB72EFC4311F24817AD9096B605EF319952CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b41af24ea3a003a2b7350b9228d9eddf49e01eb352e1934b96731b8df8c89d6
          • Instruction ID: 3995c010dcff3f10f454013c3a111b845a72441c6fc8cf4ae69580740a49ea56
          • Opcode Fuzzy Hash: 0b41af24ea3a003a2b7350b9228d9eddf49e01eb352e1934b96731b8df8c89d6
          • Instruction Fuzzy Hash: D6314C347C43218FA7E49B24D9E483E7BE6AB84614314543DEA578BB15EF38EC45CB50
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8f6255b99af8f243c7f35ab6c706268aab7e6b56be74d881a18abfb17ddffaa1
          • Instruction ID: cafee61ba5d892eb54d00bc632e401f75be3e0e18e1379cbe54e1cfbc35a68c8
          • Opcode Fuzzy Hash: 8f6255b99af8f243c7f35ab6c706268aab7e6b56be74d881a18abfb17ddffaa1
          • Instruction Fuzzy Hash: 4A315A31E102699FDB11CF94D8849CEBFB6FF89300F058595E944BB215DB70AA8ACB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e0d9073cdd404dbc9dd8c44234c0f3460a286735d67b704cfd218c4235032b65
          • Instruction ID: 3de1e6edc9258047e3eb950af4b852bdf4db811fa38359781c73549f06510008
          • Opcode Fuzzy Hash: e0d9073cdd404dbc9dd8c44234c0f3460a286735d67b704cfd218c4235032b65
          • Instruction Fuzzy Hash: 29318271A00606CFCF11EF68D8405CEBBB1EF89314B10CA69E805AB255DB75ED96CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2c1edace3f664f4a2d4e3df65ae5450f0d022bd56531af1aa2bba69cb47c1862
          • Instruction ID: dd0e07337766bf072fc4dab8ace128b2cafdcc6f74995ec3af2e0f3117fbca72
          • Opcode Fuzzy Hash: 2c1edace3f664f4a2d4e3df65ae5450f0d022bd56531af1aa2bba69cb47c1862
          • Instruction Fuzzy Hash: 2E3169329102199FDF16CFA4C8809CEBFB6EF8A310F198655E8007F255DB71A986CB91
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5375e727d33335f4ef92c30a3e5d80865bd6e90d39637629b222b8023416b2da
          • Instruction ID: a93f7ed17e04d319a347957cea051c668e39273c254c0d5578772f89f21575c2
          • Opcode Fuzzy Hash: 5375e727d33335f4ef92c30a3e5d80865bd6e90d39637629b222b8023416b2da
          • Instruction Fuzzy Hash: 2F31AD31E102199BCB00DFB9DC096EEFBB1BF48315F44866AE409BB151EB349549CBA2
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c476273676b6ef309b9dd002ef5a36a71b91dbae894b02ed81a850bcde847237
          • Instruction ID: 82ed79a450e68d7072d8db6e12734fc82f87b93687b1bbfa8de58358d030699c
          • Opcode Fuzzy Hash: c476273676b6ef309b9dd002ef5a36a71b91dbae894b02ed81a850bcde847237
          • Instruction Fuzzy Hash: E7316131E0021ADFCF14DF99D88099EFBF2FF88210F248569E904A7351EB70A946CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dd01e4b33cbd73d66c1ed45b2d60f6d87eab8e6f2c5770e99bd7c57b6d3e4e69
          • Instruction ID: d6e9d1dcf4b56f4710ebb9f7fbdbf1d1ebe79e72804635b5a4c50e6496b3d387
          • Opcode Fuzzy Hash: dd01e4b33cbd73d66c1ed45b2d60f6d87eab8e6f2c5770e99bd7c57b6d3e4e69
          • Instruction Fuzzy Hash: 5931C035B002168FCB55EB6DE9A446EBBF7EBC8315710492AE446D7354DF30AC06CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6add99294e1ee1b5dd741005a9e640958cc055a78e86c96a330d574fe927910f
          • Instruction ID: 7a181ffdef2df85e745b3471682efbe7f3f542963f69448883c74cc873200287
          • Opcode Fuzzy Hash: 6add99294e1ee1b5dd741005a9e640958cc055a78e86c96a330d574fe927910f
          • Instruction Fuzzy Hash: 6E3190357046418FC725CF34D494A66FBE3EF89310B18CAA8D54A8B76ADB74E846CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 71e4655aaa5ffbb60aabccec7f06008dcd3df59d9612ec990778b162e713a68e
          • Instruction ID: 7ecb3fbc9db39b41295619afe595247f7ad98976c052f15a7ec3681f0f7dde35
          • Opcode Fuzzy Hash: 71e4655aaa5ffbb60aabccec7f06008dcd3df59d9612ec990778b162e713a68e
          • Instruction Fuzzy Hash: EC31A335A042199FCB05DFA4D868AAD7BF2FF88310F04445AE406EB391CF75AD45DB91
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4954a0b6c663af5b7cdac148a40c9c590bd624bf9467dd6afc44e9e0f533cce2
          • Instruction ID: 09852a6d72eb61f0db0812a14fd9084e03b553901219138a2276167ef768e272
          • Opcode Fuzzy Hash: 4954a0b6c663af5b7cdac148a40c9c590bd624bf9467dd6afc44e9e0f533cce2
          • Instruction Fuzzy Hash: 1A31277090010B9FCB01FFA8E8516DE7BB2FF84314F604969E505AB355DB386E46CBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 317d1dbf52fb3e9a4eefad5eada1831e83e9b16de7c7eaa9e94913800b80fccc
          • Instruction ID: b495be6592c9281eaa71cd44ff11af2c48b66c6de9702ad1982ebc112aacf482
          • Opcode Fuzzy Hash: 317d1dbf52fb3e9a4eefad5eada1831e83e9b16de7c7eaa9e94913800b80fccc
          • Instruction Fuzzy Hash: 09319272514240EFDF069F94DAC0F167F76FB48314F2486A9EE090A26AC336D869EB51
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 872642d28cb8ece74ee4127a99fa883bf7d220ae8ad82e8ad39e91dec67ec3c4
          • Instruction ID: ad96193e41300923b6b3a52175a2710f8822f716110727d430d0909ca0960233
          • Opcode Fuzzy Hash: 872642d28cb8ece74ee4127a99fa883bf7d220ae8ad82e8ad39e91dec67ec3c4
          • Instruction Fuzzy Hash: 7D316B34E00219EFCB54DF64D994A9EBBF6EF88310F108529E81AA7784DB709D01CBD0
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be766943ea7b7886faf914b3efcd7116e5874b04943f44285889483812f8078c
          • Instruction ID: c17a61d5d2fc4c57c93745d6b25477ba78752aea70e4d3edf939737f525350f4
          • Opcode Fuzzy Hash: be766943ea7b7886faf914b3efcd7116e5874b04943f44285889483812f8078c
          • Instruction Fuzzy Hash: C4318930E40219AFDB54DFA4D994AAEBBF2FF98310F108129E816A7380CB749D01CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f4d98a9e53c139a21d9fffc64e6fc09b5eefb84527540ac3b281887d21721f1d
          • Instruction ID: 8938d324d471af5c12d2f3c10162c6ede744775772f96c5aacfb1f4a58b255cc
          • Opcode Fuzzy Hash: f4d98a9e53c139a21d9fffc64e6fc09b5eefb84527540ac3b281887d21721f1d
          • Instruction Fuzzy Hash: AE316D34F40219EFDB54DF64D995AAEBBB6EF88310F108429E816A7794DB749D00CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ef4741545bf5c89e629cc6e210c2dc85c69835af0b1c7bcfec8ae405634ac699
          • Instruction ID: c558757a57f00a2ae14850bed6940eff0c5ed488ea341842eb224b2ab5cc4650
          • Opcode Fuzzy Hash: ef4741545bf5c89e629cc6e210c2dc85c69835af0b1c7bcfec8ae405634ac699
          • Instruction Fuzzy Hash: F0318F74F011418FCB45DF68C4A4AAEBBF2EF89310B1580AAE8059B365DB35ED41CBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9cdc4bd19991b2df3579dc6dca93208125cec81ce8c4dc61179e4034765adcfb
          • Instruction ID: 30567e041a98d027b227d01d8a068cece708afcd142410e7661c10d3c6bd9e00
          • Opcode Fuzzy Hash: 9cdc4bd19991b2df3579dc6dca93208125cec81ce8c4dc61179e4034765adcfb
          • Instruction Fuzzy Hash: FC21AE92A0D3D00FE30316385C656867FA6DF67294F5A05EBC489CF0A3E80A891AC363
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65941d8ac37c53c208414988b3e1f79a72cf29bee32905f79c591189f18c0230
          • Instruction ID: 7fbd207561049bedb80cbb7984dcac15f35e15577f6f02fd8d937fdfb98a90bd
          • Opcode Fuzzy Hash: 65941d8ac37c53c208414988b3e1f79a72cf29bee32905f79c591189f18c0230
          • Instruction Fuzzy Hash: D2219D723442219FC755AB38D459A6A77E6AF88711B1484BAE505CF3A0CB32DD82CBD0
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a0a84c0e0b6b15219f811b80ecbba8bb6978839f60b90485e73c619e2c061ab
          • Instruction ID: 2284ee1d56058243c6394c7efaa3539639e8c4f80f07fdea0ece37b831685384
          • Opcode Fuzzy Hash: 4a0a84c0e0b6b15219f811b80ecbba8bb6978839f60b90485e73c619e2c061ab
          • Instruction Fuzzy Hash: CD31C572510240EFDF059F54E9C0F16BF76FB88324F2485B9ED094A256C336D85AEB61
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd61041d0aaac278d3ed05ddc1456b573d264caf3d9ee191eda55eef65d3a9f7
          • Instruction ID: f403db54d0e978412d894046be4fb5aadebb2aa880ad74ff96d2e1a8eada7e34
          • Opcode Fuzzy Hash: bd61041d0aaac278d3ed05ddc1456b573d264caf3d9ee191eda55eef65d3a9f7
          • Instruction Fuzzy Hash: 90314B74F011058FCB49DF68C4A4AAEBBF6EF88310B15846AE9059B365DB31EC41CBD1
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b94515447c5e41c630ede30e14467777c2e01cda98b5a4a3460c986ac4454326
          • Instruction ID: fc0d7a9407df68f410914250211dc05761a15e1f0b2442bc075d0cd8d3bf35f0
          • Opcode Fuzzy Hash: b94515447c5e41c630ede30e14467777c2e01cda98b5a4a3460c986ac4454326
          • Instruction Fuzzy Hash: BA3135B1D002599FCB14CFA9D584ADEBFF5AF48304F288029E909AB350DB749945CFA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 78ae90c0316749a2b5bdbc74021660f30d0fae19ce9c75e0f18142680c14df18
          • Instruction ID: d145f86d2d312c84afd81f8ae463f449df63035019b418eb31e88131f809169f
          • Opcode Fuzzy Hash: 78ae90c0316749a2b5bdbc74021660f30d0fae19ce9c75e0f18142680c14df18
          • Instruction Fuzzy Hash: 28316975E107599FDB05CFE5D8409CEBBB2EF89310F11812AE944BF214DBB1684ACB80
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 18a0a0a1f71818ccf54907f0ac527fc384148d9ca6af7febeb123ea7f1396338
          • Instruction ID: 2996ab92c97559b97cd9862d061feb0b894dfd05d5c0c8a1ee1580c8c5ae4bf3
          • Opcode Fuzzy Hash: 18a0a0a1f71818ccf54907f0ac527fc384148d9ca6af7febeb123ea7f1396338
          • Instruction Fuzzy Hash: F631B539A10209CFCF44DFA4D994AEE7BB6FF48311F144069E905AB3A4CB359C61DB50
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d966b555a9eedc7ecdae7a2d2ce4147d2c4cd9325e0a353f776fe33a7d76a9d0
          • Instruction ID: 3dc49f1c17e288e57a20b7b971e7d006adab80934c8fd48be1fc8b5f94f1cece
          • Opcode Fuzzy Hash: d966b555a9eedc7ecdae7a2d2ce4147d2c4cd9325e0a353f776fe33a7d76a9d0
          • Instruction Fuzzy Hash: BF310574A0010B9FCB00FFA8E85569E7BB2FF84314F604925E505A7345DB386E468BA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 94b960afb230f24c8566abf26cb6925fd209693996f8eda3336a7f3d2ffbe4e8
          • Instruction ID: d9fe17ad9ebe8fa4644cc126cc34a871ac9ef5a84be6d1b1b1d96c4787613464
          • Opcode Fuzzy Hash: 94b960afb230f24c8566abf26cb6925fd209693996f8eda3336a7f3d2ffbe4e8
          • Instruction Fuzzy Hash: FE21C271700211AFCB96EA6ED89091E7BF6EFC8710325862AE405CB345EF74ED1687D0
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e26e62f9b25de5f05a7ae8fb5e45af389b9e3a0f56a4d674649a4da0418dcd60
          • Instruction ID: 4fdbb60543da1f80a19211bd3b73e0080dbfdd2c8d4deec0a10a2153aa89a1e3
          • Opcode Fuzzy Hash: e26e62f9b25de5f05a7ae8fb5e45af389b9e3a0f56a4d674649a4da0418dcd60
          • Instruction Fuzzy Hash: 1221B4B2514240EFDF058F54E9C0B66BF75FB88324F2485B9ED094A256C336D81AEB61
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 371c2947ffc46345c2e7cb04b45d3d8c751c5537d15843ff58f0895c44c38469
          • Instruction ID: 2a0be3574aa1fae133c590e3f8387a7e95af82cd2e3a11a62ae5617bc29727bd
          • Opcode Fuzzy Hash: 371c2947ffc46345c2e7cb04b45d3d8c751c5537d15843ff58f0895c44c38469
          • Instruction Fuzzy Hash: 94219039B011569FC705EB68D9949BEBBB7EFC92507104626E809D3398CB305C128BD2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 90b927257a3bdfc2360f8aeae3322d73355a2d38c4f7308646c62f58b88c671f
          • Instruction ID: cf547142f64412f49b6d7e09ccf17821305210f368cfcee7f73557c343d4f7f4
          • Opcode Fuzzy Hash: 90b927257a3bdfc2360f8aeae3322d73355a2d38c4f7308646c62f58b88c671f
          • Instruction Fuzzy Hash: 2B218D75B40224CFDB599B78D455A6D7FF2EF88310F464198E8069B3A0DB34DC81CB91
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1d1d1af54f8afb00413db6fe30cf41618c590a97006018edfd40ba430c574494
          • Instruction ID: 2f5088a395b793c3247b6d2f777a04f0d84a8e89c2a91ea7303dc9b757699afe
          • Opcode Fuzzy Hash: 1d1d1af54f8afb00413db6fe30cf41618c590a97006018edfd40ba430c574494
          • Instruction Fuzzy Hash: 73219F797102509F8A067B64E49847DBFB7EFCD365318884CE50AC7354CEB9ACA3AB41
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4de04c5441817cb676a192544f4a7db8b919f0cf3892977c8867329fd64415b1
          • Instruction Fuzzy Hash: FD0124323442219FD7518969E840ABABBE9EBC0265F5480BBE508CB281C635CAD4C3E0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 16a5e3efab9d76b9f9ccaf1891039ab73e39d21cc885d5f8a1ebbcb4dbce7437
          • Instruction ID: 9546ace69108e7db5a0e642fba1e047d9154a1beb741c09a3d0357ee2b0d8386
          • Opcode Fuzzy Hash: 16a5e3efab9d76b9f9ccaf1891039ab73e39d21cc885d5f8a1ebbcb4dbce7437
          • Instruction Fuzzy Hash: 5F11E9756093919FC3578664DC10852BFB6AFC631031986EAD8848B36BD732DC47C7D1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 626f9338b6ce4fc9a9cbee61e7bbe68e167ebabd008ae0727e5a0aca33b5a23c
          • Instruction ID: 0f8b9f09b8bef837f06a54c873e57c55bd9f169df1dc9ee3107fb79758c54a63
          • Opcode Fuzzy Hash: 626f9338b6ce4fc9a9cbee61e7bbe68e167ebabd008ae0727e5a0aca33b5a23c
          • Instruction Fuzzy Hash: 3821B874E002099FCB44EFA8D8919AEBBF1AF8D310F505999D945AB350DB30AA81DF91
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 713562976743abfb59acbd4d400954efcead1a63460546ebacc694d0e4a64510
          • Instruction ID: 6c1bbda14d00782b322e8f38d318845463fe5428034826665ee046b81bd9cb2f
          • Opcode Fuzzy Hash: 713562976743abfb59acbd4d400954efcead1a63460546ebacc694d0e4a64510
          • Instruction Fuzzy Hash: BE210074A01308DFD704EFB0E599A9D7B72FB88315F504598D5419B388DB76AE92CF40
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1d3e1a7f96ece43c0ab6c526301d0d7a165f0bf8772bd35bf8ed29267fbfae07
          • Instruction ID: 47ccd2f785a81d755fb4660a193e4c412a391ccb3a620410a4e2c87050a13397
          • Opcode Fuzzy Hash: 1d3e1a7f96ece43c0ab6c526301d0d7a165f0bf8772bd35bf8ed29267fbfae07
          • Instruction Fuzzy Hash: E1117032E1060A9BCB16DFA9D8808CDFBB6EFC9310B158626E11577160EF703959CBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb83479f22afdf43137d43fa232a3fd7e4d30d1f61a619d120aa1d56f1821b66
          • Instruction ID: e389da574d9af1423e99f98b7d0caa268b0d514ddde0d99ff33a914711df8ff7
          • Opcode Fuzzy Hash: cb83479f22afdf43137d43fa232a3fd7e4d30d1f61a619d120aa1d56f1821b66
          • Instruction Fuzzy Hash: BF119176E103199BCB11CFA8C8804CCFBB5EF89310B21461AE414BB250EB70365ACB52
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30315a811dcebabf68c3e021bd1f25fe3374410f26444e24d8ae10b366238abd
          • Instruction ID: f9d3becbec5a55f9f0f49eb302f6a864c64d803aa31e9bfdd387c96590719bbc
          • Opcode Fuzzy Hash: 30315a811dcebabf68c3e021bd1f25fe3374410f26444e24d8ae10b366238abd
          • Instruction Fuzzy Hash: 90118F32E00619ABCF01DEA8D8444DEF7B6FF89310F52865AE90477210DB706A45C781
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1089777dc02347893548c4a5d599f2cc155e6e702a13f3a95810bdd1a44ac920
          • Instruction ID: 30852e8523562fd584981911608ea86931373b97a6ef87ee81e28a2b8f571dad
          • Opcode Fuzzy Hash: 1089777dc02347893548c4a5d599f2cc155e6e702a13f3a95810bdd1a44ac920
          • Instruction Fuzzy Hash: 6211A575B4521AAFCF41CFE8D9549AEBFFAAF88210B18C05AE948D7241D730DA05C7A1
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 43746b9055b1eacecd6b5e5ef3bdf442d3a39bc31843b43ede503cf63c4aebd7
          • Instruction ID: c35a24744fb8d8c2633222690fada4e2e1c5c1fc7ae40e945f04c30c5efb8e0e
          • Opcode Fuzzy Hash: 43746b9055b1eacecd6b5e5ef3bdf442d3a39bc31843b43ede503cf63c4aebd7
          • Instruction Fuzzy Hash: 3111C232E10619ABCF01DEA8D8444EDB7B6EF98350F12865AE404B7250EB70AA85C781
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4f2ad547955f21b035ee90a7c042bfd5e45dd0eba0d125e007f7c1f1cbc2a440
          • Instruction ID: e32a44920772015401d8314a0e1d82bb8a8db0d7d96459f59230f47664760b02
          • Opcode Fuzzy Hash: 4f2ad547955f21b035ee90a7c042bfd5e45dd0eba0d125e007f7c1f1cbc2a440
          • Instruction Fuzzy Hash: 5D110432E1175A9BCF01CBA9EC444DDFBB6EFC6310B114626D514B7250EB70350AC7A2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 668707c95e4027129e36b7bc824771aecb9010d3947872f262d9adae8dfa3ab5
          • Instruction ID: ae96ca28d410fc2f4b3af40a3503c0a1ce5ae2f7989d8cda84062067eaed54de
          • Opcode Fuzzy Hash: 668707c95e4027129e36b7bc824771aecb9010d3947872f262d9adae8dfa3ab5
          • Instruction Fuzzy Hash: 7E118B72E0061A9ACF028BA9D8800CDFFB2EF89210B158626E10477251EB7035498BA2
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
          • Instruction ID: 1c2d916ee2d463c1a8889e2ac8c9a1fe5dc9f8b57567a3eccb0c746f521d33f0
          • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
          • Instruction Fuzzy Hash: 2511BE75904280CFCB01CF10E5C4B15BB61FB84324F24C6A9D8494B656C33AD81ADB51
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
          • Instruction ID: 2fcc039990a5c0e3a46a35d771005515098536360b874e8ac85bd6893f10f93d
          • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
          • Instruction Fuzzy Hash: BF11DD76904280CFCB01CF24E5C4B15BBB1FB84328F28C6AAD8494B656C37AD80ADB61
          Memory Dump Source
          • Source File: 00000002.00000002.4472881551.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f2d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
          • Instruction ID: daddc90981cd99cb369236d32af4f5ce796e7cc53bfc7b58455e3cf48c5e6568
          • Opcode Fuzzy Hash: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
          • Instruction Fuzzy Hash: 5C11E775904284CFDB11CF14E5C4B55FF71FB94324F28C6AAD8494B656C33AD80ADB91
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1e9cb88713c8ae65b8a74f098eb0765daa328978bf6e772bf1cdfb66465cd4f2
          • Instruction ID: c73163d6c03284cf427ae82eeb794540c82e3772e07b33bb6bb2c25ecb7e96cd
          • Opcode Fuzzy Hash: 1e9cb88713c8ae65b8a74f098eb0765daa328978bf6e772bf1cdfb66465cd4f2
          • Instruction Fuzzy Hash: E3012637A05109ABCB058A64DD129EFBFB69F44311F054967E212F7AB0DF31560AC3D1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b3b4bb95eb956d0447b0815a337c2bc2c36d6bad8e0f0e3c9e71053dd60cfbc7
          • Instruction ID: 70bbefac50d998af3e548906a3d0ff558a7ad0822f3f66896064b4456e51b504
          • Opcode Fuzzy Hash: b3b4bb95eb956d0447b0815a337c2bc2c36d6bad8e0f0e3c9e71053dd60cfbc7
          • Instruction Fuzzy Hash: AF118872E106195BCB15CFB9DC404DDBFB6EFC9210F194626E11477160DB70255A8B61
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 72e228d9e39e4817fc54fad8b8bf5495177d32076b0402edb613f24d5d2a184e
          • Instruction ID: c14bfa3d83bf5d8474ca56e6c055ba47c2898fad89397f194c78dde2ae1537cb
          • Opcode Fuzzy Hash: 72e228d9e39e4817fc54fad8b8bf5495177d32076b0402edb613f24d5d2a184e
          • Instruction Fuzzy Hash: FE1134B1E502288FDB54CF98D950ADDBFF2AF88314F1041A6D404BB250CB76AD81CBA0
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98036992d51df0e95a8640b40a32bfb5156ef3dc163bcbabef6756ba1db42b70
          • Instruction ID: 2dcf07a0bb0bb5c18a984e5fc0ba4f17babed2881c7a134078d60871186c42d0
          • Opcode Fuzzy Hash: 98036992d51df0e95a8640b40a32bfb5156ef3dc163bcbabef6756ba1db42b70
          • Instruction Fuzzy Hash: 32114835B002288FCB44DBA8D458AED7BF5EF88720F140069D906F7390CB749984CBE1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2bc7eb4faebd738b28f32292a8a6d4f002e7c7508c295049853e1604e0928c23
          • Instruction ID: 5e3cb3953a7de9b8abb9b78282589842e5a2e79940eaf1c4b5a5eab070c1c202
          • Opcode Fuzzy Hash: 2bc7eb4faebd738b28f32292a8a6d4f002e7c7508c295049853e1604e0928c23
          • Instruction Fuzzy Hash: EA01F775B402108FC3018B6CED4085ABBE6DFC422832889AFE14EDB326DA31DD42CBC4
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d845407f89df12b45ec1e67f4602076c3868e7dd4101bf249e6b4ab410270bd4
          • Instruction ID: b808a1694f02ab5ef9b93a0006f6fc20d2f0e031cebda83b428e82480fb17313
          • Opcode Fuzzy Hash: d845407f89df12b45ec1e67f4602076c3868e7dd4101bf249e6b4ab410270bd4
          • Instruction Fuzzy Hash: EA111871A002298FCBA4DF79C54096EB7F1AF48254B1145AEEA56EB390E732DA00CBD0
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 69e5822438b2e2f266428b2162dcffd6358655f14793ec63c88e53a7cbf17c95
          • Instruction ID: d017b3efcef9e4c955b02baadadbefa4995a9347a8d785f6e7d03190746dd561
          • Opcode Fuzzy Hash: 69e5822438b2e2f266428b2162dcffd6358655f14793ec63c88e53a7cbf17c95
          • Instruction Fuzzy Hash: C9018072E107499BCF16CBB9DC804CDBBB6EFD9310F154616E10477150EA703559CBA2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b8302139a2448722e1b9db09b5f2c9765214f8243e9b02ab08151b289ce8ce89
          • Instruction ID: 577e201041d7a47cb240dc57a693329fc2c14137af802b387f5c7f1c2e5865dd
          • Opcode Fuzzy Hash: b8302139a2448722e1b9db09b5f2c9765214f8243e9b02ab08151b289ce8ce89
          • Instruction Fuzzy Hash: 2301B530E40319EFEB549B60DC1A7FE7FB2EB88321F140029E401B6281CFB50980DBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4fb785ef4348485569f81e61deecdfdbefb4c444611ee747be15c417ff6d9375
          • Instruction ID: 57cb6934e9e4ac9d6495bb5c92d6b8d855c083dc127389dff56a0807a140c29d
          • Opcode Fuzzy Hash: 4fb785ef4348485569f81e61deecdfdbefb4c444611ee747be15c417ff6d9375
          • Instruction Fuzzy Hash: 69017B76A462510FD325CF34EDC27F27FD4AF01300B0944EAE6D88B462C324E656C7A0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04c229a458747bab2b9bf6ee1ee010a4c03be703306cb99abcf838fe1c5959c7
          • Instruction ID: 3ad74cb993fa47c6ae95a117bf5b00a65439a98bca4291f0ad1d1ba57cde6376
          • Opcode Fuzzy Hash: 04c229a458747bab2b9bf6ee1ee010a4c03be703306cb99abcf838fe1c5959c7
          • Instruction Fuzzy Hash: FF1182317047508FC7259738D448BAABBD6EF81315F14C86AE49A47252CB75E886CB90
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 89a89cff9ac4da40c4ba948f8839851dd2a7b95aa0ef72eb57a4334b3f80508e
          • Instruction ID: d6bc8bb3070f2076afd15fb5911288e939756ce874e8b78efe965d4f6732df71
          • Opcode Fuzzy Hash: 89a89cff9ac4da40c4ba948f8839851dd2a7b95aa0ef72eb57a4334b3f80508e
          • Instruction Fuzzy Hash: 4601C471A102199FCF04CBA4C841AAFBBF6AF48350F04886AE406EB345DBB0E9049BD1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff9260db2ec446eb766694bb860812b236abf0de0996e71410a1d44772413172
          • Instruction ID: 38d4ea5f6bf6cf98065d3356736a15c84bb106857a57c396d12b7edb54d1ab32
          • Opcode Fuzzy Hash: ff9260db2ec446eb766694bb860812b236abf0de0996e71410a1d44772413172
          • Instruction Fuzzy Hash: 95116AB1E502298FDB15CFA4D961ADDBFF2BF48310F14866AD440BB291CB359D81CBA0
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9cd625987d8ffa0596d3a59923d0391127d94544526ee4ccab22a2550ba6c54f
          • Instruction ID: 2d4b3b6ad81917e05d68b85122e18c4d5c3d37d7a3bdd42c101a44bef6c2cb50
          • Opcode Fuzzy Hash: 9cd625987d8ffa0596d3a59923d0391127d94544526ee4ccab22a2550ba6c54f
          • Instruction Fuzzy Hash: 25016972E1060A9BCB11DFA9C8804CDFBB6EFC9310F214626D11177160EB703A4ACBA1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04b7b8dfd48aa4a97d9306d9778af41eb289c5c1b94754fb3c189763a384fb72
          • Instruction ID: 40d31a2e691bcdcae00fb9053cc016212e3fbf451548beda28b4a520c6b8f67f
          • Opcode Fuzzy Hash: 04b7b8dfd48aa4a97d9306d9778af41eb289c5c1b94754fb3c189763a384fb72
          • Instruction Fuzzy Hash: 1F01DF70A05325AFD7559B6C989586EBFEDEF86624304086EE446C7342CFB09D01C7D0
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 61324f69a1eaf83e2c1a5a094a78cb3a2db7bc35e63fc72866cfbd6acbea244c
          • Instruction ID: 7720ee4abc39fec866131cb816510aa8584267a500a1ff1467dc7047b06562b6
          • Opcode Fuzzy Hash: 61324f69a1eaf83e2c1a5a094a78cb3a2db7bc35e63fc72866cfbd6acbea244c
          • Instruction Fuzzy Hash: BB1182B1E04209CBEF10EB6DE8157AE7BB6EBC9310F008436D405A6294DB785546DBA5
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1705e0c48d6c017a65b86c081c8e5d403c5e3ffbe6b4b0b34cdb1cdcddca6f01
          • Instruction ID: ac9a7dcccf0b158e0a100d4f2a08c7d6ec8267bbf41306781f1be4fb476c479a
          • Opcode Fuzzy Hash: 1705e0c48d6c017a65b86c081c8e5d403c5e3ffbe6b4b0b34cdb1cdcddca6f01
          • Instruction Fuzzy Hash: 39013931A50129CFCB98CFA4CD687ADBBF2BF48211F14442AD406E7260CF789901CFA0
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2752af0bb5b983c4f60fa2d1c1bdff6e14f7e5cef7aacf06d6101e4d2b68bd0
          • Instruction ID: aa9f071128d767b75cf7f183831a2b75b18f0f3645bd088cb11a844c4654ca66
          • Opcode Fuzzy Hash: f2752af0bb5b983c4f60fa2d1c1bdff6e14f7e5cef7aacf06d6101e4d2b68bd0
          • Instruction Fuzzy Hash: 7B019232D1075A9BCB11DFA9DC804CDFBB5EF8A310F154A5AD10077150EB70350AC7A2
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f19b42a4ff11bdc14ea6a4041aa77b36cb90b87157a21027b210ca409167a0cb
          • Instruction ID: 255da82fa8c39c561e38b4d65bdebb2c0ff031004b894488c7d607ce45ae9075
          • Opcode Fuzzy Hash: f19b42a4ff11bdc14ea6a4041aa77b36cb90b87157a21027b210ca409167a0cb
          • Instruction Fuzzy Hash: 0201D6357092455FC754CA69E890ABBBBE9DF89260B14807AEC09C7751EF30DD01C351
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 863b846b2d05711e80aa7b50b99a6ac0f00cfcd97a72f1ea9986f23bfcebe7a5
          • Instruction ID: a47494857a7068154b2584e95feaf6341728c22c6f7f5c99ec5580eb2b17c028
          • Opcode Fuzzy Hash: 863b846b2d05711e80aa7b50b99a6ac0f00cfcd97a72f1ea9986f23bfcebe7a5
          • Instruction Fuzzy Hash: 74015E72E1061A9BCF159FAAD8800CDFBB6EFC9350F254626E11477250EB7035498BA2
          Memory Dump Source
          • Source File: 00000002.00000002.4472631728.0000000000F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f1d000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 63ee0652855a3ec52c320a5d855e72f7791e39c4ee702c98fe69868a6f8d4efb
          • Instruction ID: 5696788c5daa01142169222c2c4ee30be47f24c58495b9fd95fb8179c8784a2e
          • Opcode Fuzzy Hash: 63ee0652855a3ec52c320a5d855e72f7791e39c4ee702c98fe69868a6f8d4efb
          • Instruction Fuzzy Hash: 3C01DB714053449AE7104F15DDC47A7BFB8DF51374F28C55AED0D0A286C3799C84EAB1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04681717b9639adf13eddb39ea659ec7fdf3d173a5252d79531f90ade854647b
          • Instruction ID: f008cc0853cb83e04b6f0412f64deeecb460c78546a5dc94f9239cc31aa39f60
          • Opcode Fuzzy Hash: 04681717b9639adf13eddb39ea659ec7fdf3d173a5252d79531f90ade854647b
          • Instruction Fuzzy Hash: FFF024327051280F67889B6DAC8497FB7EAEBC4970314013BE809C3362DF21CC0693A4
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55803d336be800069e4c5a66d92e5ed3c8f21572f063b7c4d78211a62dd653cd
          • Instruction ID: 7fccfc7e6dac3a8697727e97f6cdda8b91961fe168f027e7f1982d6c156b3887
          • Opcode Fuzzy Hash: 55803d336be800069e4c5a66d92e5ed3c8f21572f063b7c4d78211a62dd653cd
          • Instruction Fuzzy Hash: AC01A239B142159FDF08ABB0EC690BE7FB2EBC9310714806AE506C7296CD384C16E791
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3799dca0ebda0d6eea7db56c75b82d61e9bc6020ddfce31fa8f1b2ee65ffa55c
          • Instruction ID: 6ea4ba3a2f570020ccef2cadff1c32426a820eb63b671e0aff92b4c1a6d8c14b
          • Opcode Fuzzy Hash: 3799dca0ebda0d6eea7db56c75b82d61e9bc6020ddfce31fa8f1b2ee65ffa55c
          • Instruction Fuzzy Hash: 59017171B102199FDF14DBA8C8559AFBBF6AF48350F05856AE406EB354DFB0E90487C1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: de907e90a951010569b31d0d4560bfff176768760dbec3f2c27ba0637253e8bf
          • Instruction Fuzzy Hash: EBF0E535B103124FD754DA79D8408A6B3DAAFC9290314D1B5DA08C732AEEB1CC02C7C0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 90d02d4c7eaa220ce102686cb62b2d636c4cf08bca6e29116f4ab5951eff046a
          • Instruction ID: 9a165866fa2df2c9b6f2c16889100b3dcafed42deee6c643db07e8c335e34b73
          • Opcode Fuzzy Hash: 90d02d4c7eaa220ce102686cb62b2d636c4cf08bca6e29116f4ab5951eff046a
          • Instruction Fuzzy Hash: 45F0E531F0A2549F87528E6E6C459DBBFFAAEC5331715116BE908C3151D3218A29C7E1
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7cf717b5554c9fb3e8c5516cb71a2d173c38349b8e075a746b322b432d76c8e1
          • Instruction ID: d57c12cefc316d701ae5e6280d87477740fa94356f3f9880a5908111724d4c66
          • Opcode Fuzzy Hash: 7cf717b5554c9fb3e8c5516cb71a2d173c38349b8e075a746b322b432d76c8e1
          • Instruction Fuzzy Hash: 6EF02035B0421057D7060A19B5243BA7EFAAFC8721F18802BE80AC7340EFA9CC42D792
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 75f573d66bdb2a141044cd9403fcc599eca18ef3166ccbc14d28f8b628771b42
          • Instruction ID: 677c46b39e684d54d86755e56eac4150eea992e82ff012d6ad99d366ab873e7e
          • Opcode Fuzzy Hash: 75f573d66bdb2a141044cd9403fcc599eca18ef3166ccbc14d28f8b628771b42
          • Instruction Fuzzy Hash: F8F0E972D1021D97DF04DB64C4255EFBBF69F84300F004426C502E7350EEB0590586D1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36a522c7d624e9d2ae7e35499c0a5df5a79b554ce0acba2b527f9d5d909b255e
          • Instruction ID: 9b2631717bc67cdb9b845b59571997de63162fdb4ad6f7bf897cbd4050102fa3
          • Opcode Fuzzy Hash: 36a522c7d624e9d2ae7e35499c0a5df5a79b554ce0acba2b527f9d5d909b255e
          • Instruction Fuzzy Hash: 59F08272A1011A9BDB14DB64C4559EFBFF69B84300F458526D402BB244DF705A0686C1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 00f7c811e1bf9850dc7d9e071e00386f83f588fbb2df90bf55359b05ace9bbab
          • Instruction ID: 052a6e10e0df14ed874f1430946abdcb560cb6b1d6dc837eef5013c62eefd967
          • Opcode Fuzzy Hash: 00f7c811e1bf9850dc7d9e071e00386f83f588fbb2df90bf55359b05ace9bbab
          • Instruction Fuzzy Hash: 75F02732E1011A9BDF15EB64C8259EFBFB79F84300F048826D403BB384DE70590687C2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f840400cc1eaf3bbb5d24ad907362e5943f696488d9e88cf1cc6260fffcb228e
          • Instruction ID: cc2456f375a4615dec0a9c1df3e476cab1da3b838d5bc1f6ec1dc66733317c61
          • Opcode Fuzzy Hash: f840400cc1eaf3bbb5d24ad907362e5943f696488d9e88cf1cc6260fffcb228e
          • Instruction Fuzzy Hash: E8F08272A2012A9BDF15DB64C515AEFBFB69F84300F058526D502AB240DFB1590A86C2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6109fb8a73a701627f02d796f711647448dd113c6068bb54cdc0d1d07b0b9c40
          • Instruction ID: 85d1cf4b8d203763c8ddd0641fbfc772914dffa4d30635dad24db119c1e440f2
          • Opcode Fuzzy Hash: 6109fb8a73a701627f02d796f711647448dd113c6068bb54cdc0d1d07b0b9c40
          • Instruction Fuzzy Hash: 3DF0A0317003109B8315966EE88084BFBEADFC8228324C97EE50ACB311DEB2EC02C7C0
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8140dc3069480c740cf1f3b86f922d789c3dd73775a6f47b88ad91b90c5072f9
          • Instruction ID: c5ff26783ff8cc4583814ee41b8f418f098c22ae024695e355f1a3a3a65f020d
          • Opcode Fuzzy Hash: 8140dc3069480c740cf1f3b86f922d789c3dd73775a6f47b88ad91b90c5072f9
          • Instruction Fuzzy Hash: 5AF0A772E1011E9BDF15DB64C4269EFBBB69F84300F058426D502F7380EF745A0686C2
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b886dee98afd50d1c949d59b84b594aacbea549f41ca04240e8e6b6ce6f40557
          • Instruction ID: c72f63852b5fd26aca2d19e262941cbfebb14b90654df7b43477fc51870b2e43
          • Opcode Fuzzy Hash: b886dee98afd50d1c949d59b84b594aacbea549f41ca04240e8e6b6ce6f40557
          • Instruction Fuzzy Hash: 9CF08272A1011A9BDB15DB64C525AEFBBFA9F88300F0585269512FB380DE705A0686D1
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cc341e54e41fdc0dcbcadcb554233b4f02f7374a4715736b5456e9311fa65294
          • Instruction ID: 34cef17647abbb084e60ac6d0adba12e7bc06ae8e488a69413cd70be19178ff3
          • Opcode Fuzzy Hash: cc341e54e41fdc0dcbcadcb554233b4f02f7374a4715736b5456e9311fa65294
          • Instruction Fuzzy Hash: E7F0A772E1021E9BDF14EB64C5569EFFBB69F84300F058826D512F7384EEB0590686C1
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cccd61596cc82d53b97730d57a92f6edf80e030e46860d04b388d1d4e44f8fe7
          • Instruction ID: 20e42a60fcfba2440dfd269bd6378b2370a50a2546784ff6c66913ceb7fb3c01
          • Opcode Fuzzy Hash: cccd61596cc82d53b97730d57a92f6edf80e030e46860d04b388d1d4e44f8fe7
          • Instruction Fuzzy Hash: FEF08272E1011AABDB15DB64C4599EFBBB69F88310F458426D502FB380EE70590687D2
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 08321f89d7fe0a831d771bfd91e5efc0e5fe2508aa164e95e9f9f8160dc26233
          • Instruction ID: 046e23a1b401fc10ce053cedc6980a5b1c8c98ad6b3b95aa4a1dd6d91b00554d
          • Opcode Fuzzy Hash: 08321f89d7fe0a831d771bfd91e5efc0e5fe2508aa164e95e9f9f8160dc26233
          • Instruction Fuzzy Hash: 9DF08272E1011E9BDF14DB64C5159EFBBB69B88310F058526D512EB340DE74590686C2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4ba8f4804561333834a46bf9d651fa02dc9375c21dabd45a5795f7a0d161fb42
          • Instruction ID: e80ad5aff7db727955cae7bdce73ffad0cb2803f2aab65c904f3a59b83e14dc7
          • Opcode Fuzzy Hash: 4ba8f4804561333834a46bf9d651fa02dc9375c21dabd45a5795f7a0d161fb42
          • Instruction Fuzzy Hash: DDF05875900219EFDBA4EFA8C4449DEBBF1FB08240B100469D46AE7684E7B15A12DBD1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b3f3fd6bf9edf450eb7cb598a90ee671bb7c491bdf8cfc19d08832e261234917
          • Instruction ID: 2b220d93d70c2919b111b4b6cb7c516b98e22ac88e291b086e6f544011862711
          • Opcode Fuzzy Hash: b3f3fd6bf9edf450eb7cb598a90ee671bb7c491bdf8cfc19d08832e261234917
          • Instruction Fuzzy Hash: EFF08276E1011A9BDF05DBA4C5166EEBFF65F48300F058826D512BB254DE705A0A86C1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e2db5a54c62b37f06d0c720e4ac2cf0ddbc76e9f748a1979ec42400c8eb70c0f
          • Instruction ID: 9c61322fe90717d2b993fa6e0af3f2135c62f1ec0363d6ce10ea8c0e6b706269
          • Opcode Fuzzy Hash: e2db5a54c62b37f06d0c720e4ac2cf0ddbc76e9f748a1979ec42400c8eb70c0f
          • Instruction Fuzzy Hash: C6E09B367403086FC710DA66EC85DC7B77DEF99760F014166F914CB251E671E91487E0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 038c7fe744c9687164b641c323f4c9788110a9fa76ccfc0db5b1b542ae4ea5d9
          • Instruction ID: fc0a49c31eeb6f8c2918d648fb26aac7384bf5683bb9b92d53c623261e4ed555
          • Opcode Fuzzy Hash: 038c7fe744c9687164b641c323f4c9788110a9fa76ccfc0db5b1b542ae4ea5d9
          • Instruction Fuzzy Hash: 9FF0ED73B281208FE7848B7DD8689A07BE8EF9AA5030205DBE406CF7B2E381DC01C740
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53599d04a157b35430901246615141d6385998aca2d894fd46845a18ba4ffd51
          • Instruction ID: 7e2a8835326e17ae4293b3560ebeafc70a9d36ddab055f346dd1c9e668755380
          • Opcode Fuzzy Hash: 53599d04a157b35430901246615141d6385998aca2d894fd46845a18ba4ffd51
          • Instruction Fuzzy Hash: F0F0A0B6D083888FC711CF94EC9AACABF78EF45320F14409BE494DB552DB318525CB61
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 43a62512a95041db19d5d9cefaf419a3a4fb63e62c5f12809c6c841f0c168df1
          • Instruction ID: 8360bf2b6ccee69316c849c478632d5a2d51240047bbad45f29a8ec74a04868f
          • Opcode Fuzzy Hash: 43a62512a95041db19d5d9cefaf419a3a4fb63e62c5f12809c6c841f0c168df1
          • Instruction Fuzzy Hash: D0F05E35D1022E9FCF01ABB9EC084DEBBB5FF89311B008A26E515B7210FB346659DB91
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1153bd231e0b1e62dcec44f72d63f87cbf7664bc9de743efcbba3a34ed862c23
          • Instruction ID: 3dbe56909e9e3b4c8fe954d4259c111785091d6dc880ea589cfa0fe2a2ab8fe5
          • Opcode Fuzzy Hash: 1153bd231e0b1e62dcec44f72d63f87cbf7664bc9de743efcbba3a34ed862c23
          • Instruction Fuzzy Hash: 92F01C71D0432D9FCB90EFB989015EFFBB8AE09200B10456EEA55F3204E27156118FE1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fbc43aece62c2f4037a8f3cb10ce8bf6905865def9ec30cf6bb252e25dcd9bb0
          • Instruction ID: 3ed82f0f777e3006c4f1d067b9948b21744b35af80a8fde1be87f1de4bc865df
          • Opcode Fuzzy Hash: fbc43aece62c2f4037a8f3cb10ce8bf6905865def9ec30cf6bb252e25dcd9bb0
          • Instruction Fuzzy Hash: F5E020712052511BC356D258FCA08CB6F55DEC72103158B56F00497105D75C1E5382F0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dd466fe29757526fbb17a15852e8a60b80e8dfd7c06d526df790097881748cbc
          • Instruction ID: a8ad8e914eb0ef12352c1dc68e549274b0bb4e291486b84a2488407697e0517c
          • Opcode Fuzzy Hash: dd466fe29757526fbb17a15852e8a60b80e8dfd7c06d526df790097881748cbc
          • Instruction Fuzzy Hash: 70E09B317092508FC7558B6AA89486A7FB6AFCD62131545FFE10AC7392CA648C098751
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 68191fbaa8ae5910cf7ba5281dc5296ebd5ddc62a360af37dc4ac71b44ea60dd
          • Instruction ID: 71766a591d07d949dfb742ec3ed2d095c918e0f98fc0dbe6c7fc38192793d6a5
          • Opcode Fuzzy Hash: 68191fbaa8ae5910cf7ba5281dc5296ebd5ddc62a360af37dc4ac71b44ea60dd
          • Instruction Fuzzy Hash: 5CF0927120A354AFC706EBB898104EF3FBBDF46224B0105AED546CB292DB359949C7E2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b4f18b677e4116f4c700970bcfc2659825c2af5e1eb3304f97a474d71c4fb856
          • Instruction ID: 117786118b92b86c5e601492b69860bab1708c6dc58cc32ad07605dbd8b38fe3
          • Opcode Fuzzy Hash: b4f18b677e4116f4c700970bcfc2659825c2af5e1eb3304f97a474d71c4fb856
          • Instruction Fuzzy Hash: D9E0863B3441243BCD04159AACA0D9FBB99E7C9661B500115E209C7241CA55A852C3E4
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dc06f26cc2ae0471db0a9c67ad316125e647a39305d8ea9a5e0495fa80e636fc
          • Instruction ID: ef2ddb66a6c043fabb029dc168e13dda504800d2663f06cda5163c450483bdc1
          • Opcode Fuzzy Hash: dc06f26cc2ae0471db0a9c67ad316125e647a39305d8ea9a5e0495fa80e636fc
          • Instruction Fuzzy Hash: 15E0D8A345D1715EEB42237CEC623D87F549F93321F1944D3E6D4CA022D134952AC2AA
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e9bb9726963822acf616bbc840162445be68776a9bc80d5778127d0f410db5e4
          • Instruction ID: e27ab8d5cdf0327cb56840e8aea1fb8c1d886849731d73a08d418202f778eae8
          • Opcode Fuzzy Hash: e9bb9726963822acf616bbc840162445be68776a9bc80d5778127d0f410db5e4
          • Instruction Fuzzy Hash: E8F0EDB2C883C54ED762CBAC84806DAFFF0AF57220B6840EBC184DB142E3714527C791
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0a03126dc5469b71a63d90a8e3f50243363e84468b5a49a04ed6ecc92d64cf09
          • Instruction ID: 8c9be8bf145af8aed9bb35980d4f6fd9a2e1d7bd873352a6edeaf3770d395d60
          • Opcode Fuzzy Hash: 0a03126dc5469b71a63d90a8e3f50243363e84468b5a49a04ed6ecc92d64cf09
          • Instruction Fuzzy Hash: E6F0E530204B935FC712D728EC808C7BFE6EFC53003200A56F0858B616D764BC5687E0
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d553358f20df8c9678aa3cf289272e663146c937d41f2300bcc8fb3a33631e26
          • Instruction ID: 9199f22b685711cbd89eeeb73fe0c78528f5bd467fda3f165b051a4d8b223429
          • Opcode Fuzzy Hash: d553358f20df8c9678aa3cf289272e663146c937d41f2300bcc8fb3a33631e26
          • Instruction Fuzzy Hash: 73E086373441285B429572FDF8148BBBB9ECFC55A2314843BE605C7241DD26CC12D3E4
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3f9efe3c7b0071378e8e91677b5886092da7a6d659f2e68b82f05f1572e16934
          • Instruction ID: 8c385d231aea7db39d5ebcc3a8126f99475cae09d851f9e1ebd0be56f7029cdd
          • Opcode Fuzzy Hash: 3f9efe3c7b0071378e8e91677b5886092da7a6d659f2e68b82f05f1572e16934
          • Instruction Fuzzy Hash: 19E04F353461109FC3519B78FD56CE27FA99F8522130941A7F44DCBA71DA22DC408751
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 26405f5bedc374bbd45d46085eb5ecf3c3a518f470bb9f67fcbc04838723a723
          • Instruction ID: 6fc4b455ad91099fc6428254f02ef4abdc83a4910eb913d9cf3336eef76f9222
          • Opcode Fuzzy Hash: 26405f5bedc374bbd45d46085eb5ecf3c3a518f470bb9f67fcbc04838723a723
          • Instruction Fuzzy Hash: 27F0B4B0600209DBCB01EF78F884B4D7BB6FB84308F204998E4409B24ADA786F169B80
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 847d28e106c77192a407c93e1737b2c191b1b775d8fcca2a79d3b9aa728c6dc5
          • Instruction ID: 07d8951e160ed371bb306893bf91fab8b9a1d2a19c45a4af161cfa7c7cb7b3d9
          • Opcode Fuzzy Hash: 847d28e106c77192a407c93e1737b2c191b1b775d8fcca2a79d3b9aa728c6dc5
          • Instruction Fuzzy Hash: E0F08CB6920248DFC740EFB4DD5529D7FA6FB88302F2149AAE809CA240EE355A149B40
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 551fe7ea5afb72b61d509fb1e700db882e9902817c25a55a4836da2e2ae3dbcd
          • Instruction ID: f8dab695d6d6d4be26e291fa4c55d9933f0da340ee9bfa511c72efcfd724d143
          • Opcode Fuzzy Hash: 551fe7ea5afb72b61d509fb1e700db882e9902817c25a55a4836da2e2ae3dbcd
          • Instruction Fuzzy Hash: 11E092362013505FC3228AB8A640C9777FA9EC9A2130945AEE54ACB765CA36DD47C7A1
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b4f1920262276111ceba2b7b1726fdfdd07c6d299bf992c5d9673e09a2f63df9
          • Instruction ID: 9a0be6ba1bcb0392bd8751376054c25a5bf7797c6cb5b21946d5281a3b8371f2
          • Opcode Fuzzy Hash: b4f1920262276111ceba2b7b1726fdfdd07c6d299bf992c5d9673e09a2f63df9
          • Instruction Fuzzy Hash: 2DE0863530A5609B87028A64BD1A4BD3F56DA4591230605C7F45AD7761CE174D01C7D5
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dfd4563f8293666f66d80f7bb341c3962c36cf8c7aaecb7b6e9174feedc73731
          • Instruction ID: 848587d14630194347c34d3e74d5ba85dbada3e5132eda069ef3e81bf51889b0
          • Opcode Fuzzy Hash: dfd4563f8293666f66d80f7bb341c3962c36cf8c7aaecb7b6e9174feedc73731
          • Instruction Fuzzy Hash: 5EE086323407106B8755565EA85185FBFEAEFCC670354443DF50EC7300EE649D0547D4
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f5f79b0e42860c84d40ad66c0f18ebef2415f3756ee1941d9c36a853a1095575
          • Instruction ID: 39dd34ee873d91426841818e0d74d65f77c67d3a90afcca3190ccc6ad5e96c8b
          • Opcode Fuzzy Hash: f5f79b0e42860c84d40ad66c0f18ebef2415f3756ee1941d9c36a853a1095575
          • Instruction Fuzzy Hash: 38E02630A442545FC791EBA88C003D97FF4DF06241F0008B6C9C9C3441E330851AC7D2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d1c5ff12cc0c4d8ff61fc7e5b216c707ae0576127d26c475b9196b94113bf96c
          • Instruction ID: 6bdc4ff7cfec0c06f2a68c7ca08ff88fed33d67ca3a7ff3ded55d09262ac30e8
          • Opcode Fuzzy Hash: d1c5ff12cc0c4d8ff61fc7e5b216c707ae0576127d26c475b9196b94113bf96c
          • Instruction Fuzzy Hash: ABE0CD3B3441243BC904119EACA0D5FBB99E7C8631F100115E20DC7241CA51E852C3D4
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 646c4fd367f4dc89d003a5d38234e2fd2c458051bc4552baf5cbb9227ca9d1f0
          • Instruction ID: 17af191c355886fcbd47b7e15c18f8ae77e6fe5880a8bed3bbbff21684945596
          • Opcode Fuzzy Hash: 646c4fd367f4dc89d003a5d38234e2fd2c458051bc4552baf5cbb9227ca9d1f0
          • Instruction Fuzzy Hash: 8AE09A30909309EFCB41DFA4DC9259D7BB9EF4621072041AAE849D7282DA311E16DB61
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fdf124ed0c56e4526731be72d1d6922dcacbfa29085f507e8bff459fb596409e
          • Instruction Fuzzy Hash: 58D02EB0B083068ECF088BBCA4000DC7FE0CBC523071080BAE01ECB2A2DA3084518321
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e508d0e04b500492202f1b1901866f46f4a1aaa3c94c3f41913bd7d46717608
          • Instruction ID: fa0ccdcebb65b51c52094fb9732d22a0d8d11e6a175d5e0223bd791961cc1e4e
          • Opcode Fuzzy Hash: 4e508d0e04b500492202f1b1901866f46f4a1aaa3c94c3f41913bd7d46717608
          • Instruction Fuzzy Hash: C9D0123671426467461861ADA81587F7A9FC6C69B13144027EA2AC3741CEB5CC0253E2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ddd92cbffa64d12e3e94f0670453e022fa708a54bdaf47648f3dc44a2519ae33
          • Instruction ID: e944dd6ef0c314fcae84df78439c4782cf0a4fbe7c146599646cc079b0b9bae6
          • Opcode Fuzzy Hash: ddd92cbffa64d12e3e94f0670453e022fa708a54bdaf47648f3dc44a2519ae33
          • Instruction Fuzzy Hash: B7D0A7356053269B87158A54D400851FB6AEF9A62432880BCDD4C4B309CB33EC43C7D0
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2c873b5fdfaa88d905ca7c19569f24e14e194a284f53e35c71711f7111a7782
          • Instruction ID: 8e115a86fcfd9529dd68df1ab505bb7d24d91f611b6710b0e6eb4ddc24db90fd
          • Opcode Fuzzy Hash: f2c873b5fdfaa88d905ca7c19569f24e14e194a284f53e35c71711f7111a7782
          • Instruction Fuzzy Hash: 63E01775B503049FCF08CBADD4448DCBFB0EB85231B1681AAE51A9B2A2C330E991CB54
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6487222456dd9074ce7eee74ad8446297f2e0a279a63a0d31e104f94a5d4a99
          • Instruction ID: a54f73a123885d483d222b35e4e7b122517aaaa32366e46f95ffe9a3ed452b29
          • Opcode Fuzzy Hash: c6487222456dd9074ce7eee74ad8446297f2e0a279a63a0d31e104f94a5d4a99
          • Instruction Fuzzy Hash: C9D01770A0120EEBCB00EFA8E94259DBBF9EB48304B2045A9E808D7200EA316F009B81
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 793054be65508464fd4b43b2ea36a98cc4af675d01ee6143ad313cef3ce2542f
          • Instruction ID: ea54c70030722ee265d53c3f398543b59b164e6c7f5cce3d2e33eb69cdf9a034
          • Opcode Fuzzy Hash: 793054be65508464fd4b43b2ea36a98cc4af675d01ee6143ad313cef3ce2542f
          • Instruction Fuzzy Hash: 13D0A7B6B45205DFCF119BECA8000DCBBA0DBC01347208162D125871A2C63095118322
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a5eeca2c4cdfb6aafc36bb74f6e78d5156f271469da8c4922a140403b1e77ce7
          • Instruction ID: ee827da6c1a917e088ca8743ff465424013f140ac2b414e64ca83d142ec38953
          • Opcode Fuzzy Hash: a5eeca2c4cdfb6aafc36bb74f6e78d5156f271469da8c4922a140403b1e77ce7
          • Instruction Fuzzy Hash: 6ED05B7090410DEFCF40DFA4ED4155D7BF9EF44214B2045A9E809D7240DA355F10DB40
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 158fc96e76d29e10c0048515ae1f4e57d5ba4b65234b1d1e1e47f117bc01be9d
          • Instruction ID: 0e8ec4a2018dc5b2c3b7d9513a14baa66ae621c707aa4c20bc2ffbb654b58bef
          • Opcode Fuzzy Hash: 158fc96e76d29e10c0048515ae1f4e57d5ba4b65234b1d1e1e47f117bc01be9d
          • Instruction Fuzzy Hash: FBD01770A00208EBCB40EFA8E94169DFBFAEB49304B2045A9E808D3200EA312F009B80
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 931d602074dfd641a476438b294df97c10ea923246232c37937dbb6eae8b16a8
          • Instruction ID: c12aa431a7a06fcf5f14ee724958d0f2f25a9beacdba441383d6d85de3827a70
          • Opcode Fuzzy Hash: 931d602074dfd641a476438b294df97c10ea923246232c37937dbb6eae8b16a8
          • Instruction Fuzzy Hash: 4FD01770A04208EF8F40EFACE94259DBBFAEB48214B2045A9E808D3200EB312F049B91
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ef5fecc4d180c6e247ddef66420758264b5d2c92faeed1743cea13250dc5aed0
          • Instruction ID: 98efe618f92e32bbde2d753f96fb35fe7a21f79e1f4350ed910dcd4d3ff55a7e
          • Opcode Fuzzy Hash: ef5fecc4d180c6e247ddef66420758264b5d2c92faeed1743cea13250dc5aed0
          • Instruction Fuzzy Hash: 91D0A772B85206DF8F11CBECAC000DCFBA0DBC01353104252D52587191C634D5118332
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abd14bc5db7b1bde22d3f716812ab3e30739f1b744118257b61e233854363c1a
          • Instruction ID: 984010d2c10e05c9e4dd81a20298e90ca5603d1cd7a80cc7d1fac42d7505856e
          • Opcode Fuzzy Hash: abd14bc5db7b1bde22d3f716812ab3e30739f1b744118257b61e233854363c1a
          • Instruction Fuzzy Hash: 90D05B7090020CEFCF40DFB8D94155DBBF6EB44314B2045E8E409D3301DA355F009B44
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff986c1c2703db5a4abbedf4de68e84d6881e2362cc161d4561a1fac87d98e37
          • Instruction ID: 7bd315e5321ff614ca4822c6be251f6d32183af8f5497a4323d8f27b1b4a27a1
          • Opcode Fuzzy Hash: ff986c1c2703db5a4abbedf4de68e84d6881e2362cc161d4561a1fac87d98e37
          • Instruction Fuzzy Hash: BBD0A730704B258BCB316E1CF50579E77EADB80A25F000A2DF04647540CFB4690487D6
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 340097f396f48fa167dd600c58f636ad9ac4cc2e8c263c481c10db2ad75725b3
          • Instruction ID: 076c4ce8164e49fec357455d51ec38b64279e48a46b3af7c9bd60f073d606204
          • Opcode Fuzzy Hash: 340097f396f48fa167dd600c58f636ad9ac4cc2e8c263c481c10db2ad75725b3
          • Instruction Fuzzy Hash: 56D05B7090120DFFCB40DFA4E90159DB7F5EB45214B104598E40DD3201EB351F009780
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b739aabba88a8c75ae14c9080ea89a0918e8a5d001b4d8c97debdbc5591e9fcf
          • Instruction ID: 8bab2325c748271a8e91893e2e417561a69cc48dd1e2b610a60ff054060f189f
          • Opcode Fuzzy Hash: b739aabba88a8c75ae14c9080ea89a0918e8a5d001b4d8c97debdbc5591e9fcf
          • Instruction Fuzzy Hash: EBD0A7313105208FD3449658D849F53B3ADEB88720F10406AE5098B792CAF1FC014791
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 063b7d891af3cc09f1f05d20a446c0736f3d399604852774259c3513c3f2018a
          • Instruction ID: 5c1aedcd60a916a55fb4e44be662b43afdfcfea68aba8d1126817ebfa7f97680
          • Opcode Fuzzy Hash: 063b7d891af3cc09f1f05d20a446c0736f3d399604852774259c3513c3f2018a
          • Instruction Fuzzy Hash: 72D01270900208EBCB40EFA8E90159D77F9DB49215B1045A8A909D3200DA315F009780
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 58919f8ca04acf78a31b49de50149dc931b47ea78390ca585c3eb74f8edcfae5
          • Instruction ID: f24db9a9755b52db6cf0f959afebe55bac952b750780aedb5ffe747e15d64f96
          • Opcode Fuzzy Hash: 58919f8ca04acf78a31b49de50149dc931b47ea78390ca585c3eb74f8edcfae5
          • Instruction Fuzzy Hash: AAD0C932200118674A00665AAC05CABBB6EEACA6713548036F90897211DE269C1297E5
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 88242592c4ce24637b64adf7b4e79d137c4645b2c0f9ab8130112f793320acd4
          • Instruction ID: af3c0fe69f33c242e71480ba7e089e00b3323b765ae1386124d04bca54575306
          • Opcode Fuzzy Hash: 88242592c4ce24637b64adf7b4e79d137c4645b2c0f9ab8130112f793320acd4
          • Instruction Fuzzy Hash: 8CD0A7B2B05354CFDF218BB894040DC7FB0CEC6130B0541E3C455C7162C630C8558312
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9f5521b1c3cd4e165668d5bc3201af4143884b9962c9a74f9babf1666653b4ff
          • Instruction ID: 4b28c6da3e6f6e8ff3207296d1eb46f24351f87bbec3a6a9b8952b1bbd3bc54c
          • Opcode Fuzzy Hash: 9f5521b1c3cd4e165668d5bc3201af4143884b9962c9a74f9babf1666653b4ff
          • Instruction Fuzzy Hash: CAD0A9347056008F8328CF0AD440862B3ECFF89A1034184AEE10ECBA20CA60E8018B80
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ebca08daa0bd011e7d2f62093738d632be20b9eb20e43b22fc3d34d307df85c6
          • Instruction ID: d6cb28bc11c3cd55ef610cda80ae78c28da6649a6afb2b3eabe13a409cda92d3
          • Opcode Fuzzy Hash: ebca08daa0bd011e7d2f62093738d632be20b9eb20e43b22fc3d34d307df85c6
          • Instruction Fuzzy Hash: 17D0122240F3C45ED78717713C148E67F355E6355530A14C3F4C1C9193C206466DC7B5
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fa76b2cff0daef65895e17770ae5ead32ec9b03293d4691c90753f3a40b0be45
          • Instruction ID: 78b321142e87509eb518bf258909d547933065eb3a57a0f88f81e8a8935180c9
          • Opcode Fuzzy Hash: fa76b2cff0daef65895e17770ae5ead32ec9b03293d4691c90753f3a40b0be45
          • Instruction Fuzzy Hash: 9DE01230D4120ECFDB5CDFA1D564AAE7772BF44305F305818C401AA244DBB58545CF80
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e9d879976e6f090cb99dcd098347ddf5da57cf77817fb5e4b6e767bf1787b8e
          • Instruction ID: bde66cedc7286edb9892309befed9fef11c76fa0232c0e8b1fc42ec9209b49ea
          • Opcode Fuzzy Hash: 4e9d879976e6f090cb99dcd098347ddf5da57cf77817fb5e4b6e767bf1787b8e
          • Instruction Fuzzy Hash: CAD0C93910F665DFCB025B6089A09523B35AE4AA043B442D6D1408E869C236CD1ACB62
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b956dab662337def35ece6d8563a51191928b3970f087001aa6908ba53314e83
          • Instruction ID: fada482744585cd89f82b07b6ce0df7da2dcc2a68079bf02042417612c649ae6
          • Opcode Fuzzy Hash: b956dab662337def35ece6d8563a51191928b3970f087001aa6908ba53314e83
          • Instruction Fuzzy Hash: 90D0A972B002098F8B108BAC99000DCBFA0CAC1131B1442A6D219832A1C62088968322
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d200dd78f1c934a06df978b284646390e779d87202953a9dcad05d64c3e62eb9
          • Instruction ID: 322d365fb13c39e8810d57e88d44cf3045717c72c0b206b577d7208b936b06a6
          • Opcode Fuzzy Hash: d200dd78f1c934a06df978b284646390e779d87202953a9dcad05d64c3e62eb9
          • Instruction Fuzzy Hash: 1BD0123036021A8F9B489ABA940286EB3EA6FC891035440A5BA09C73B2EE24EC014625
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6cffae32734bef744556f493538ea4b884df10a1c0f52b730965c17cacbde2d
          • Instruction ID: 903ec8c45b8950bb3c1b578ffd65b8566d0e46c4b3063bac0e981b7c04f5d42c
          • Opcode Fuzzy Hash: c6cffae32734bef744556f493538ea4b884df10a1c0f52b730965c17cacbde2d
          • Instruction Fuzzy Hash: 17D0122448D3C51FDB1607741C2A4993FA01C4322030605DFD885C72E3D56C484B8712
          Memory Dump Source
          • Source File: 00000002.00000002.4484883450.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_6830000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ad201e3a09f538d4e991930abdf8607a4fc12631254518712f142d6d414b4fcc
          • Instruction ID: 42ec3e78abb46fbbeb04560432a335eebcf4b270a06c5556aeb5a52b9f8bdffa
          • Opcode Fuzzy Hash: ad201e3a09f538d4e991930abdf8607a4fc12631254518712f142d6d414b4fcc
          • Instruction Fuzzy Hash: 72D0C96261192097C7294B48B00CAD6FBEABFC9721F85557BA50DC22659620144183B1
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 26668f872bb7a65e011fb23c8d25209dbc47ed9a4e76e4c960434a94f62a34ff
          • Instruction ID: 66337778387e586f633c29815de98106ac4161d93e03b0ad6b30055ed1cd4c87
          • Opcode Fuzzy Hash: 26668f872bb7a65e011fb23c8d25209dbc47ed9a4e76e4c960434a94f62a34ff
          • Instruction Fuzzy Hash: C9D0127AA45219CFDB258BA895044DCFFA4DAC1131F0442A6C556876A1C760859587A2
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 56c4cc808cc5c1b91902a96d423b22471420099bb74bd60ca451d1bb41315903
          • Instruction ID: 7b7b5bd268828234ff45ef87da658fc617d12ba775af5ede255e0964ba853d35
          • Opcode Fuzzy Hash: 56c4cc808cc5c1b91902a96d423b22471420099bb74bd60ca451d1bb41315903
          • Instruction Fuzzy Hash: 41C0807AB412158FDF158BD8D5044DCFFB4DE81131F0442B6C557876A1C3208595C791
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a8e87609d5315b4d4d6cbed1532050e5f900377efe18656cd9948aceff2ebfe9
          • Instruction ID: 191c6ed29a95185809cd872097951f8f147b2cdef29619795c1b9636a5314e67
          • Opcode Fuzzy Hash: a8e87609d5315b4d4d6cbed1532050e5f900377efe18656cd9948aceff2ebfe9
          • Instruction Fuzzy Hash: CED01230109340BEC7936B64CC04B497FF16F46220F128E46A0F0950F1D1254558C726
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 905ba711ed695dce17ab33054a02439cc503cc4f1fc414e63562febce8926ad6
          • Instruction ID: c42e7b2ca982e9268e5a7ef1aeea70b7043daf50e07a5366eb786a6ca16037be
          • Opcode Fuzzy Hash: 905ba711ed695dce17ab33054a02439cc503cc4f1fc414e63562febce8926ad6
          • Instruction Fuzzy Hash: 2FC08C312404289B8704974DE810999B75EEF8952C318409AE20D83322CA236C2286C8
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb0cb3f7f037ca78eb37f1d1ce7b0d375f86b686dd7c2f8fd6cc09883680db32
          • Instruction ID: 2d7c7eb33810f3d5196ac5a3b21d01ead27c4f96213804b7dea3968a253d3e24
          • Opcode Fuzzy Hash: cb0cb3f7f037ca78eb37f1d1ce7b0d375f86b686dd7c2f8fd6cc09883680db32
          • Instruction Fuzzy Hash: 8BC08C315293A0FED71352606D49BD67FA30B56330F05C482A285874A38E660C4AD733
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23788df03f4c48b7c2e581dc2a11f6c31f3a146172deed5baa16a34f90fcdcf2
          • Instruction ID: f0233dadf3ba7c27f6cf6ab74d9c1504c3490bed9ccd073bc9a620138268f2b9
          • Opcode Fuzzy Hash: 23788df03f4c48b7c2e581dc2a11f6c31f3a146172deed5baa16a34f90fcdcf2
          • Instruction Fuzzy Hash: 3FD01236B412058FCF10CBA4D9004DCBFB4DFC5131F1442A6C215A72A1C3349D97C761
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 688106c74dbae1e43861288c7ec6ab571eabaa9bb0cfae8f1b7698dfe44827fa
          • Instruction ID: 9de77fe72fcb0b24f9554f607a5add72e84c45b6b4af5a93111d4ebf9dfda32d
          • Opcode Fuzzy Hash: 688106c74dbae1e43861288c7ec6ab571eabaa9bb0cfae8f1b7698dfe44827fa
          • Instruction Fuzzy Hash: 24C08CD3C0E2C0AFD303A9302C54AA23FB01F33608B0F06C3A442E9157E10D8A298232
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d08e8fbf5802873e69c2aeb70c54ce2c639c709703a10508691cd6ae9f5c076b
          • Instruction ID: 0b36ca162962dbf2dfd92f5e1f84efd4afae0c0987d2d6d141c22d8a42fe3978
          • Opcode Fuzzy Hash: d08e8fbf5802873e69c2aeb70c54ce2c639c709703a10508691cd6ae9f5c076b
          • Instruction Fuzzy Hash: 09C08C3003F2E18FCB02CB7089651023F30AC0320031D41EBF480CBA9ACA16121ACB36
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c1e3caee9b485cb552150d5a9c819581132719fc57acef47e3158278eb2c735f
          • Instruction ID: d7fa33eae5858a84a39677d7c7b94bfa61643fc8a355ea4405ac1694c634d73a
          • Opcode Fuzzy Hash: c1e3caee9b485cb552150d5a9c819581132719fc57acef47e3158278eb2c735f
          • Instruction Fuzzy Hash: 75C04C6842A2C4AFCF629B7494585C53F75EE0B3217168486E590C905AC9219546C766
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d390bea750451eec14e6f23087412db9f5af1ca2af1d62b0922bb06687092ea2
          • Instruction ID: dc4f38045e213ac1b3f3b1aba3293eef032d652085aea140920210d6d12fe30d
          • Opcode Fuzzy Hash: d390bea750451eec14e6f23087412db9f5af1ca2af1d62b0922bb06687092ea2
          • Instruction Fuzzy Hash: 2FC092B680820A9BC654CF24C99274037A7AB95208FE864EDC008CA355D62FDA0ACF01
          Memory Dump Source
          • Source File: 00000002.00000002.4473688485.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_f70000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 688631af5b0866e027fb2094755b9b3e1ce870a2c10e3176bed519712a44065a
          • Instruction ID: b0e863a0ec06f72e744460c361873074f8e05addcb9eb131d25c92161d1b3435
          • Opcode Fuzzy Hash: 688631af5b0866e027fb2094755b9b3e1ce870a2c10e3176bed519712a44065a
          • Instruction Fuzzy Hash: 09C08CFB8010009FF7004580E9477853B10E728308F0D0410A180C014BD029D9228A21
          Memory Dump Source
          • Source File: 00000002.00000002.4484002625.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_60e0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ee42f79369831cfde7d17740968ddc76ec348b2bb0ce6b7c0ca3fa3f9284ba4b
          • Instruction ID: 689bc82d2f29c849dec0268881e67774609547ee8ab612f591f55ff28e5b326a
          • Opcode Fuzzy Hash: ee42f79369831cfde7d17740968ddc76ec348b2bb0ce6b7c0ca3fa3f9284ba4b
          • Instruction Fuzzy Hash: 20C09B71E74140ABCF516A61C55C5447FB5DF9138132104C591D5C5017BD3054C79751
          Memory Dump Source
          • Source File: 00000002.00000002.4484297125.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_61b0000_vs_setup_bootstrapper.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aeb1b70cf96932da508ac8cb11e0ab8abf6744772211aa8f9fbbf5ef374db5f8